#1 · cve_id CVE-2023-47518 · s
GT=CHANGED (1)
xlnet · Pred=CHANGED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Un auth ▁ . Reflected Cross-Site Scripting ▁ ( XSS ▁ ) ▁vulnerability ▁in ▁Matthew ▁Mur o ▁Re strict ▁Cat ego ries plugin ▁< = ▁2 . 6 . 4 ▁versions . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Matthew Muro Restrict Categories plugin <= 2.6.4 versions.
SHAP (words)Unauth. Reflected Cross- Site Scripting ( XSS) vulnerability in Matthew Muro Restrict Categories plugin <= 2. 6. 4 versions
lrp-bert · Pred=CHANGED (1) · p=0.99 TP
IG (subwords)[CLS] Un auth . Reflected Cross-Site Scripting ( XSS ) vulnerability in Matthew Mu ##ro Rest ##ric ##t Cat ##ego ##ries plugin < = 2 . 6 . 4 versions . [SEP]
LRP (+Pred, pos-only)[CLS] Un auth . Reflected Cross-Site Scripting ( XSS ) vulnerability in Matthew Mu ##ro Rest ##ric ##t Cat ##ego ##ries plugin < = 2 . 6 . 4 versions . [SEP]
LIME (words)Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Matthew Muro Restrict Categories plugin <= 2.6.4 versions.
SHAP (words)Unauth. Reflected Cross- Site Scripting ( XSS) vulnerability in Matthew Muro Restrict Categories plugin <= 2. 6. 4 versions
lrp-distilbert · Pred=CHANGED (1) · p=1.00 TP
IG (subwords)[CLS] Un auth . Reflected Cross-Site Scripting ( XSS ) vulnerability in Matthew Mu ##ro Rest ##ric ##t Cat ##ego ##ries plugin < = 2 . 6 . 4 versions . [SEP]
LRP (+Pred, pos-only)[CLS] Un auth . Reflected Cross-Site Scripting ( XSS ) vulnerability in Matthew Mu ##ro Rest ##ric ##t Cat ##ego ##ries plugin < = 2 . 6 . 4 versions . [SEP]
LIME (words)Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Matthew Muro Restrict Categories plugin <= 2.6.4 versions.
SHAP (words)Unauth. Reflected Cross- Site Scripting ( XSS) vulnerability in Matthew Muro Restrict Categories plugin <= 2. 6. 4 versions
#2 · cve_id CVE-2020-11441 · s
GT=CHANGED (1)
xlnet · Pred=UNCHANGED (0) · p=0.99 FN
IG (subwords)phpMyAdmin ▁5 . 0 . 2 ▁allows CRLF inject ▁ ion ▁as ▁demonstrated ▁by ▁ % 0 D % 0 A string % 0 D % 0 A ▁input s ▁to login ▁form ▁fields ▁causing CRLF ▁sequences ▁to ▁be ▁reflected ▁on ▁an err ▁or ▁page . NOT ▁E : ▁the ▁vendor ▁states ▁ " I ▁don ' t ▁see ▁anything spec ▁if ically exploitable ▁ . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)phpMyAdmin 5.0.2 allows CRLF injection as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable.
SHAP (words)phpMyAdmin 5. 0. 2 allows CRLF injection as demonstrated by % 0D% 0Astring% 0D% 0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states " I don' t see anything specifically exploitable
lrp-bert · Pred=UNCHANGED (0) · p=0.99 FN
IG (subwords)[CLS] phpMyAdmin 5 . 0 . 2 allows CRLF inject ion as demonstrated by % 0 ##D % 0 ##As ##tring % 0 ##D % 0 ##A inputs to login form fields causing CRLF sequences to be reflected on an err or page . NOT E : the vendor states " I don ' t see anything spec if ##ically exploitable . [SEP]
LRP (+Pred, pos-only)[CLS] phpMyAdmin 5 . 0 . 2 allows CRLF inject ion as demonstrated by % 0 ##D % 0 ##As ##tring % 0 ##D % 0 ##A inputs to login form fields causing CRLF sequences to be reflected on an err or page . NOT E : the vendor states " I don ' t see anything spec if ##ically exploitable . [SEP]
LIME (words)phpMyAdmin 5.0.2 allows CRLF injection as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable.
SHAP (words)phpMyAdmin 5. 0. 2 allows CRLF injection as demonstrated by % 0D% 0Astring% 0D% 0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states " I don' t see anything specifically exploitable
lrp-distilbert · Pred=CHANGED (1) · p=0.94 TP
IG (subwords)[CLS] phpMyAdmin 5 . 0 . 2 allows CRLF inject ion as demonstrated by % 0 ##D % 0 ##As ##tring % 0 ##D % 0 ##A inputs to login form fields causing CRLF sequences to be reflected on an err or page . NOT E : the vendor states " I don ' t see anything spec if ##ically exploitable . [SEP]
LRP (+Pred, pos-only)[CLS] phpMyAdmin 5 . 0 . 2 allows CRLF inject ion as demonstrated by % 0 ##D % 0 ##As ##tring % 0 ##D % 0 ##A inputs to login form fields causing CRLF sequences to be reflected on an err or page . NOT E : the vendor states " I don ' t see anything spec if ##ically exploitable . [SEP]
LIME (words)phpMyAdmin 5.0.2 allows CRLF injection as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable.
SHAP (words)phpMyAdmin 5. 0. 2 allows CRLF injection as demonstrated by % 0D% 0Astring% 0D% 0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states " I don' t see anything specifically exploitable
#3 · cve_id CVE-2020-26563 · s
GT=CHANGED (1)
xlnet · Pred=CHANGED (1) · p=0.99 TP
IG (subwords)▁ Object Plan et ▁Op in io ▁before ▁7 . 14 ▁allows ▁reflected XSS ▁via ▁the ▁survey / admin ▁ / sur vey Admin ▁ . do ? action = view S ur vey Admin query ▁string . ▁ ( There ▁is ▁also ▁stored XSS ▁if ▁input ▁to ▁survey / admin ▁ / * . do ▁is ▁accepted ▁from untrusted ▁users . ) <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. (There is also stored XSS if input to survey/admin/*.do is accepted from untrusted users.)
SHAP (words)ObjectPlanet Opinio before 7. 14 allows reflected XSS via the survey/ admin/ surveyAdmin. do? action= viewSurveyAdmin query string. ( There is also stored XSS if input to survey/ admin/*. do is accepted from untrusted users
lrp-bert · Pred=CHANGED (1) · p=0.99 TP
IG (subwords)[CLS] Object Planet Op ##ini ##o before 7 . 14 allows reflected XSS via the survey / admin / survey Admin . do ? action = view ##S ##ur ##vey Admin query string . ( There is also stored XSS if input to survey / admin / * . do is accepted from untrusted users . ) [SEP]
LRP (+Pred, pos-only)[CLS] Object Planet Op ##ini ##o before 7 . 14 allows reflected XSS via the survey / admin / survey Admin . do ? action = view ##S ##ur ##vey Admin query string . ( There is also stored XSS if input to survey / admin / * . do is accepted from untrusted users . ) [SEP]
LIME (words)ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. (There is also stored XSS if input to survey/admin/*.do is accepted from untrusted users.)
SHAP (words)ObjectPlanet Opinio before 7. 14 allows reflected XSS via the survey/ admin/ surveyAdmin. do? action= viewSurveyAdmin query string. ( There is also stored XSS if input to survey/ admin/*. do is accepted from untrusted users
lrp-distilbert · Pred=CHANGED (1) · p=1.00 TP
IG (subwords)[CLS] Object Planet Op ##ini ##o before 7 . 14 allows reflected XSS via the survey / admin / survey Admin . do ? action = view ##S ##ur ##vey Admin query string . ( There is also stored XSS if input to survey / admin / * . do is accepted from untrusted users . ) [SEP]
LRP (+Pred, pos-only)[CLS] Object Planet Op ##ini ##o before 7 . 14 allows reflected XSS via the survey / admin / survey Admin . do ? action = view ##S ##ur ##vey Admin query string . ( There is also stored XSS if input to survey / admin / * . do is accepted from untrusted users . ) [SEP]
LIME (words)ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. (There is also stored XSS if input to survey/admin/*.do is accepted from untrusted users.)
SHAP (words)ObjectPlanet Opinio before 7. 14 allows reflected XSS via the survey/ admin/ surveyAdmin. do? action= viewSurveyAdmin query string. ( There is also stored XSS if input to survey/ admin/*. do is accepted from untrusted users
#4 · cve_id CVE-2021-2144 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
IG (subwords)Vulnerability ▁in ▁the MySQL ▁Server ▁product ▁of ▁Oracle MySQL ▁ ( com ponent : ▁Server : Parser ▁ ) . Supported ▁versions ▁that ▁are ▁affected ▁are ▁5 . 7 . 29 ▁and ▁prior ▁and ▁8 . 0 . 19 ▁and ▁prior . Easily exploitable ▁vulnerability ▁allows ▁high ▁privileged ▁attacker ▁with ▁network ▁access ▁via ▁multiple ▁protocols ▁to ▁compromise MySQL ▁Server . Successful ▁attacks ▁of ▁this ▁vulnerability ▁can ▁result ▁in ▁takeover ▁of MySQL ▁Server . CVSS ▁3 . 1 ▁Base ▁Score ▁7 . 2 ▁ ( Con fid ▁ ential ity Integrity ▁and Availability ▁impacts ) . CVSS Vector ▁ : ▁ ( CVSS ▁ : 3 . 1/ AV : N / AC : L / PR : H / UI ▁ : N / S : U / C : H / I : H / A : H ) . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
SHAP (words)Vulnerability in the MySQL Server product of Oracle MySQL ( component: Server: Parser). Supported versions that are affected are 5. 7. 29 and prior and 8. 0. 19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3. 1 Base Score 7. 2 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: H/ UI: N/ S: U/ C: H/ I: H/ A: H
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
IG (subwords)[CLS] Vulnerability in the MySQL Server product of Oracle MySQL ( component : Server : Parser ) . Supported versions that are affected are 5 . 7 . 29 and prior and 8 . 0 . 19 and prior . Easily exploitable vulnerability allows high privileged attacker with network access via m ##ult ip le protocols to compromise MySQL Server . Successful attacks of this vulnerability can result in takeover of MySQL Server . CVSS 3 . 1 Base Score 7 . 2 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : H / UI : N / S : U / C : H / I : H / A : H ) . [SEP]
LRP (+Pred, pos-only)[CLS] Vulnerability in the MySQL Server product of Oracle MySQL ( component : Server : Parser ) . Supported versions that are affected are 5 . 7 . 29 and prior and 8 . 0 . 19 and prior . Easily exploitable vulnerability allows high privileged attacker with network access via m ##ult ip le protocols to compromise MySQL Server . Successful attacks of this vulnerability can result in takeover of MySQL Server . CVSS 3 . 1 Base Score 7 . 2 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : H / UI : N / S : U / C : H / I : H / A : H ) . [SEP]
LIME (words)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
SHAP (words)Vulnerability in the MySQL Server product of Oracle MySQL ( component: Server: Parser). Supported versions that are affected are 5. 7. 29 and prior and 8. 0. 19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3. 1 Base Score 7. 2 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: H/ UI: N/ S: U/ C: H/ I: H/ A: H
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
IG (subwords)[CLS] Vulnerability in the MySQL Server product of Oracle MySQL ( component : Server : Parser ) . Supported versions that are affected are 5 . 7 . 29 and prior and 8 . 0 . 19 and prior . Easily exploitable vulnerability allows high privileged attacker with network access via m ##ult ip le protocols to compromise MySQL Server . Successful attacks of this vulnerability can result in takeover of MySQL Server . CVSS 3 . 1 Base Score 7 . 2 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : H / UI : N / S : U / C : H / I : H / A : H ) . [SEP]
LRP (+Pred, pos-only)[CLS] Vulnerability in the MySQL Server product of Oracle MySQL ( component : Server : Parser ) . Supported versions that are affected are 5 . 7 . 29 and prior and 8 . 0 . 19 and prior . Easily exploitable vulnerability allows high privileged attacker with network access via m ##ult ip le protocols to compromise MySQL Server . Successful attacks of this vulnerability can result in takeover of MySQL Server . CVSS 3 . 1 Base Score 7 . 2 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : H / UI : N / S : U / C : H / I : H / A : H ) . [SEP]
LIME (words)Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
SHAP (words)Vulnerability in the MySQL Server product of Oracle MySQL ( component: Server: Parser). Supported versions that are affected are 5. 7. 29 and prior and 8. 0. 19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3. 1 Base Score 7. 2 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: H/ UI: N/ S: U/ C: H/ I: H/ A: H
#5 · cve_id CVE-2021-42948 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
IG (subwords)▁Hotel Dr uid ▁Hotel Manage ▁ ment ▁Software ▁v 3 . 0 . 3 ▁and ▁below ▁was ▁di sc ▁over ed ▁to ▁have ▁exposed ▁ se ssi ▁on tokens ▁in ▁multiple ▁links ▁via ▁ GET param ▁ eter s ▁allowing ▁attackers ▁to ▁access ▁user ▁ se ssi ▁on ▁ id ' s . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters allowing attackers to access user session id's.
SHAP (words)HotelDruid Hotel Management Software v3. 0. 3 and below was discovered to have exposed session tokens in multiple links via GET parameters allowing attackers to access user session id' s
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
IG (subwords)[CLS] Hotel ##D ##r uid Hotel Manage men ##t Software v ##3 . 0 . 3 and below was di sc over ##ed to have exposed se ssi on tokens in m ##ult ip le links via GET param et ##ers allowing attackers to access user se ssi on id ' s . [SEP]
LRP (+Pred, pos-only)[CLS] Hotel ##D ##r uid Hotel Manage men ##t Software v ##3 . 0 . 3 and below was di sc over ##ed to have exposed se ssi on tokens in m ##ult ip le links via GET param et ##ers allowing attackers to access user se ssi on id ' s . [SEP]
LIME (words)HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters allowing attackers to access user session id's.
SHAP (words)HotelDruid Hotel Management Software v3. 0. 3 and below was discovered to have exposed session tokens in multiple links via GET parameters allowing attackers to access user session id' s
lrp-distilbert · Pred=UNCHANGED (0) · p=0.99 TN
IG (subwords)[CLS] Hotel ##D ##r uid Hotel Manage men ##t Software v ##3 . 0 . 3 and below was di sc over ##ed to have exposed se ssi on tokens in m ##ult ip le links via GET param et ##ers allowing attackers to access user se ssi on id ' s . [SEP]
LRP (+Pred, pos-only)[CLS] Hotel ##D ##r uid Hotel Manage men ##t Software v ##3 . 0 . 3 and below was di sc over ##ed to have exposed se ssi on tokens in m ##ult ip le links via GET param et ##ers allowing attackers to access user se ssi on id ' s . [SEP]
LIME (words)HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters allowing attackers to access user session id's.
SHAP (words)HotelDruid Hotel Management Software v3. 0. 3 and below was discovered to have exposed session tokens in multiple links via GET parameters allowing attackers to access user session id' s
#6 · cve_id CVE-2022-1773 · s
GT=CHANGED (1)
xlnet · Pred=CHANGED (1) · p=0.99 TP
IG (subwords)▁The ▁ WP ▁Athletics WordPress plugin ▁through ▁1 . 1 . 7 ▁does ▁not sanitise ▁and ▁ e sc ▁a pe ▁a param ▁ eter ▁before outputting ▁back ▁in ▁an admin ▁page ▁leading ▁to ▁a Reflected Cross-Site Scripting <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)The WP Athletics WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting back in an admin page leading to a Reflected Cross-Site Scripting
SHAP (words)The WP Athletics WordPress plugin through 1. 1. 7 does not sanitise and escape a parameter before outputting back in an admin page leading to a Reflected Cross- Site Scripting
lrp-bert · Pred=CHANGED (1) · p=0.99 TP
IG (subwords)[CLS] The WP Athletics WordPress plugin through 1 . 1 . 7 does not sanitise and e sc a ##pe a param et ##er before outputting back in an admin page leading to a Reflected Cross-Site Scripting [SEP]
LRP (+Pred, pos-only)[CLS] The WP Athletics WordPress plugin through 1 . 1 . 7 does not sanitise and e sc a ##pe a param et ##er before outputting back in an admin page leading to a Reflected Cross-Site Scripting [SEP]
LIME (words)The WP Athletics WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting back in an admin page leading to a Reflected Cross-Site Scripting
SHAP (words)The WP Athletics WordPress plugin through 1. 1. 7 does not sanitise and escape a parameter before outputting back in an admin page leading to a Reflected Cross- Site Scripting
lrp-distilbert · Pred=CHANGED (1) · p=1.00 TP
IG (subwords)[CLS] The WP Athletics WordPress plugin through 1 . 1 . 7 does not sanitise and e sc a ##pe a param et ##er before outputting back in an admin page leading to a Reflected Cross-Site Scripting [SEP]
LRP (+Pred, pos-only)[CLS] The WP Athletics WordPress plugin through 1 . 1 . 7 does not sanitise and e sc a ##pe a param et ##er before outputting back in an admin page leading to a Reflected Cross-Site Scripting [SEP]
LIME (words)The WP Athletics WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting back in an admin page leading to a Reflected Cross-Site Scripting
SHAP (words)The WP Athletics WordPress plugin through 1. 1. 7 does not sanitise and escape a parameter before outputting back in an admin page leading to a Reflected Cross- Site Scripting
#7 · cve_id CVE-2019-19736 · s
GT=CHANGED (1)
xlnet · Pred=CHANGED (1) · p=0.99 TP
IG (subwords)MFScripts YetiShare ▁3 . 5 . 2 ▁through ▁4 . 5 . 3 ▁does ▁not ▁set ▁the HttpOnly ▁flag ▁on ▁ se ssi ▁on ▁cookies ▁allowing ▁the ▁cookie ▁to ▁be ▁read ▁by sc ▁rip t ▁which ▁can ▁potentially ▁be ▁used ▁by ▁attackers ▁to ▁obtain ▁the ▁cookie ▁via cross-site scripting ▁ . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies allowing the cookie to be read by script which can potentially be used by attackers to obtain the cookie via cross-site scripting.
SHAP (words)MFScripts YetiShare 3. 5. 2 through 4. 5. 3 does not set the HttpOnly flag on session cookies allowing the cookie to be read by script which can potentially be used by attackers to obtain the cookie via cross- site scripting
lrp-bert · Pred=CHANGED (1) · p=0.99 TP
IG (subwords)[CLS] MFScripts YetiShare 3 . 5 . 2 through 4 . 5 . 3 does not set the HttpOnly flag on se ssi on cookies allowing the cookie to be read by sc r ip t which can potentially be used by attackers to obtain the cookie via cross-site scripting . [SEP]
LRP (+Pred, pos-only)[CLS] MFScripts YetiShare 3 . 5 . 2 through 4 . 5 . 3 does not set the HttpOnly flag on se ssi on cookies allowing the cookie to be read by sc r ip t which can potentially be used by attackers to obtain the cookie via cross-site scripting . [SEP]
LIME (words)MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies allowing the cookie to be read by script which can potentially be used by attackers to obtain the cookie via cross-site scripting.
SHAP (words)MFScripts YetiShare 3. 5. 2 through 4. 5. 3 does not set the HttpOnly flag on session cookies allowing the cookie to be read by script which can potentially be used by attackers to obtain the cookie via cross- site scripting
lrp-distilbert · Pred=CHANGED (1) · p=0.99 TP
IG (subwords)[CLS] MFScripts YetiShare 3 . 5 . 2 through 4 . 5 . 3 does not set the HttpOnly flag on se ssi on cookies allowing the cookie to be read by sc r ip t which can potentially be used by attackers to obtain the cookie via cross-site scripting . [SEP]
LRP (+Pred, pos-only)[CLS] MFScripts YetiShare 3 . 5 . 2 through 4 . 5 . 3 does not set the HttpOnly flag on se ssi on cookies allowing the cookie to be read by sc r ip t which can potentially be used by attackers to obtain the cookie via cross-site scripting . [SEP]
LIME (words)MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag on session cookies allowing the cookie to be read by script which can potentially be used by attackers to obtain the cookie via cross-site scripting.
SHAP (words)MFScripts YetiShare 3. 5. 2 through 4. 5. 3 does not set the HttpOnly flag on session cookies allowing the cookie to be read by script which can potentially be used by attackers to obtain the cookie via cross- site scripting
#8 · cve_id CVE-2021-2115 · s
GT=CHANGED (1)
xlnet · Pred=UNCHANGED (0) · p=0.99 FN
IG (subwords)Vulnerability ▁in ▁the ▁Oracle ▁Common ▁Applications ▁ Calendar ▁product ▁of ▁Oracle E-Business ▁Suite ▁ ( com ponent : Tasks ▁ ) . Supported ▁versions ▁that ▁are ▁affected ▁are ▁12 . 1 . 1 - 12 . 1 . 3 ▁and ▁12 . 2 . 3 - 12 . 2 . 10 . Easily exploitable ▁vulnerability ▁allows ▁low ▁privileged ▁attacker ▁with ▁network ▁access ▁via HTTP ▁to ▁compromise ▁Oracle ▁Common ▁Applications ▁ Calendar . Successful ▁attacks ▁require ▁human ▁interaction ▁from ▁a ▁person ▁other ▁than ▁the ▁attacker ▁and ▁while ▁the ▁vulnerability ▁is ▁in ▁Oracle ▁Common ▁Applications ▁ Calendar ▁attacks ▁may ▁significantly ▁impact ▁additional ▁products . Successful ▁attacks ▁of ▁this ▁vulnerability ▁can ▁result ▁in unauthorized ▁access ▁to ▁critical ▁data ▁or ▁complete ▁access ▁to ▁all ▁Oracle ▁Common ▁Applications ▁ Calendar ▁ acce ssi ▁ ble ▁data ▁as ▁well ▁as unauthorized ▁update ▁insert ▁or delete ▁access ▁to ▁some ▁of ▁Oracle ▁Common ▁Applications ▁ Calendar ▁ acce ssi ▁ ble ▁data . CVSS ▁3 . 1 ▁Base ▁Score ▁7 . 6 ▁ ( Con fid ▁ ential ity ▁and Integrity ▁impacts ) . CVSS Vector ▁ : ▁ ( CVSS ▁ : 3 . 1/ AV : N / AC : L / PR : L / UI ▁ : R / S : C / C : H / I : L / A : N ) . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).
SHAP (words)Vulnerability in the Oracle Common Applications Calendar product of Oracle E- Business Suite ( component: Tasks). Supported versions that are affected are 12. 1. 1- 12. 1. 3 and 12. 2. 3- 12. 2. 10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3. 1 Base Score 7. 6 ( Confidentiality and Integrity impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: L/ UI: R/ S: C/ C: H/ I: L/ A: N
lrp-bert · Pred=CHANGED (1) · p=0.99 TP
IG (subwords)[CLS] Vulnerability in the Oracle Common App l ##ica ##tions Calendar product of Oracle E-Business Su ite ( component : Tasks ) . Supported versions that are affected are 12 . 1 . 1 - 12 . 1 . 3 and 12 . 2 . 3 - 12 . 2 . 10 . Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common App l ##ica ##tions Calendar . Successful attacks require human int era ##ction from a person other than the attacker and while the vulnerability is in Oracle Common App l ##ica ##tions Calendar attacks may significantly impact additional products . Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common App l ##ica ##tions Calendar a ##cc ##e ssi b ##le data as well as unauthorized update insert or delete access to some of Oracle Common App l ##ica ##tions Calendar a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 7 . 6 ( Con fid en ##tial ##ity and Integrity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : L / UI : R / S : C / C : H / I : L / A : N ) . [SEP]
LRP (+Pred, pos-only)[CLS] Vulnerability in the Oracle Common App l ##ica ##tions Calendar product of Oracle E-Business Su ite ( component : Tasks ) . Supported versions that are affected are 12 . 1 . 1 - 12 . 1 . 3 and 12 . 2 . 3 - 12 . 2 . 10 . Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common App l ##ica ##tions Calendar . Successful attacks require human int era ##ction from a person other than the attacker and while the vulnerability is in Oracle Common App l ##ica ##tions Calendar attacks may significantly impact additional products . Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common App l ##ica ##tions Calendar a ##cc ##e ssi b ##le data as well as unauthorized update insert or delete access to some of Oracle Common App l ##ica ##tions Calendar a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 7 . 6 ( Con fid en ##tial ##ity and Integrity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : L / UI : R / S : C / C : H / I : L / A : N ) . [SEP]
LIME (words)Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).
SHAP (words)Vulnerability in the Oracle Common Applications Calendar product of Oracle E- Business Suite ( component: Tasks). Supported versions that are affected are 12. 1. 1- 12. 1. 3 and 12. 2. 3- 12. 2. 10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3. 1 Base Score 7. 6 ( Confidentiality and Integrity impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: L/ UI: R/ S: C/ C: H/ I: L/ A: N
lrp-distilbert · Pred=CHANGED (1) · p=1.00 TP
IG (subwords)[CLS] Vulnerability in the Oracle Common App l ##ica ##tions Calendar product of Oracle E-Business Su ite ( component : Tasks ) . Supported versions that are affected are 12 . 1 . 1 - 12 . 1 . 3 and 12 . 2 . 3 - 12 . 2 . 10 . Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common App l ##ica ##tions Calendar . Successful attacks require human int era ##ction from a person other than the attacker and while the vulnerability is in Oracle Common App l ##ica ##tions Calendar attacks may significantly impact additional products . Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common App l ##ica ##tions Calendar a ##cc ##e ssi b ##le data as well as unauthorized update insert or delete access to some of Oracle Common App l ##ica ##tions Calendar a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 7 . 6 ( Con fid en ##tial ##ity and Integrity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : L / UI : R / S : C / C : H / I : L / A : N ) . [SEP]
LRP (+Pred, pos-only)[CLS] Vulnerability in the Oracle Common App l ##ica ##tions Calendar product of Oracle E-Business Su ite ( component : Tasks ) . Supported versions that are affected are 12 . 1 . 1 - 12 . 1 . 3 and 12 . 2 . 3 - 12 . 2 . 10 . Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common App l ##ica ##tions Calendar . Successful attacks require human int era ##ction from a person other than the attacker and while the vulnerability is in Oracle Common App l ##ica ##tions Calendar attacks may significantly impact additional products . Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common App l ##ica ##tions Calendar a ##cc ##e ssi b ##le data as well as unauthorized update insert or delete access to some of Oracle Common App l ##ica ##tions Calendar a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 7 . 6 ( Con fid en ##tial ##ity and Integrity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : L / UI : R / S : C / C : H / I : L / A : N ) . [SEP]
LIME (words)Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).
SHAP (words)Vulnerability in the Oracle Common Applications Calendar product of Oracle E- Business Suite ( component: Tasks). Supported versions that are affected are 12. 1. 1- 12. 1. 3 and 12. 2. 3- 12. 2. 10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications Calendar attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications Calendar accessible data as well as unauthorized update insert or delete access to some of Oracle Common Applications Calendar accessible data. CVSS 3. 1 Base Score 7. 6 ( Confidentiality and Integrity impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: L/ UI: R/ S: C/ C: H/ I: L/ A: N
#9 · cve_id CVE-2020-0147 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁In ▁ b tu _ h c if _ e sc ▁ o _ connect ion _ ch g _ ev t ▁of ▁ b tu _ h c if . cc ▁there ▁is ▁a ▁po ssi ▁ ble ▁out ▁of ▁bound s ▁read ▁due ▁to ▁a ▁mi ssi ▁ ng ▁bound s ▁check . ▁This ▁could ▁lead ▁to ▁local ▁in for matio ▁ n ▁di sc ▁ los ure ▁via ▁compromised ▁device firmware ▁with ▁System ▁execution ▁privileges ▁needed . User ▁interaction ▁is ▁not ▁needed ▁for ▁exploitation . Pro duct : ▁Android Versions ▁ : ▁Android - 10 And roid ▁ID : ▁A - 14 26 38 39 2 <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)In btu_hcif_esco_connection_chg_evt of btu_hcif.cc there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142638392
SHAP (words)In btu_hcif_esco_connection_chg_evt of btu_hcif. cc there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android- 10Android ID: A- 142638392
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In b ##tu _ h ##ci ##f _ e sc o _ connection _ ch ##g _ e ##v ##t of b ##tu _ h ##ci ##f . cc there is a p ##o ssi b ##le out of bounds read due to a mi ssi ng bounds check . This could lead to local info ##r matio n di sc los ##ure via compromised dev ice firmware with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 10 ##A ##nd ##roid ID : A - 142 ##6 ##38 ##39 ##2 [SEP]
LRP (+Pred, pos-only)[CLS] In b ##tu _ h ##ci ##f _ e sc o _ connection _ ch ##g _ e ##v ##t of b ##tu _ h ##ci ##f . cc there is a p ##o ssi b ##le out of bounds read due to a mi ssi ng bounds check . This could lead to local info ##r matio n di sc los ##ure via compromised dev ice firmware with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 10 ##A ##nd ##roid ID : A - 142 ##6 ##38 ##39 ##2 [SEP]
LIME (words)In btu_hcif_esco_connection_chg_evt of btu_hcif.cc there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142638392
SHAP (words)In btu_hcif_esco_connection_chg_evt of btu_hcif. cc there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android- 10Android ID: A- 142638392
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In b ##tu _ h ##ci ##f _ e sc o _ connection _ ch ##g _ e ##v ##t of b ##tu _ h ##ci ##f . cc there is a p ##o ssi b ##le out of bounds read due to a mi ssi ng bounds check . This could lead to local info ##r matio n di sc los ##ure via compromised dev ice firmware with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 10 ##A ##nd ##roid ID : A - 142 ##6 ##38 ##39 ##2 [SEP]
LRP (+Pred, pos-only)[CLS] In b ##tu _ h ##ci ##f _ e sc o _ connection _ ch ##g _ e ##v ##t of b ##tu _ h ##ci ##f . cc there is a p ##o ssi b ##le out of bounds read due to a mi ssi ng bounds check . This could lead to local info ##r matio n di sc los ##ure via compromised dev ice firmware with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 10 ##A ##nd ##roid ID : A - 142 ##6 ##38 ##39 ##2 [SEP]
LIME (words)In btu_hcif_esco_connection_chg_evt of btu_hcif.cc there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142638392
SHAP (words)In btu_hcif_esco_connection_chg_evt of btu_hcif. cc there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android- 10Android ID: A- 142638392
#10 · cve_id CVE-2021-45471 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁In MediaWiki ▁through ▁1 . 37 ▁blocked ▁IP ▁addresses ▁are ▁allowed ▁to ▁edit Entity ▁Sche ma ▁items . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)In MediaWiki through 1.37 blocked IP addresses are allowed to edit EntitySchema items.
SHAP (words)In MediaWiki through 1. 37 blocked IP addresses are allowed to edit EntitySchema items
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In MediaWiki through 1 . 37 blocked IP addresses are allowed to edit Entity Sc ##hem ##a ite m ##s . [SEP]
LRP (+Pred, pos-only)[CLS] In MediaWiki through 1 . 37 blocked IP addresses are allowed to edit Entity Sc ##hem ##a ite m ##s . [SEP]
LIME (words)In MediaWiki through 1.37 blocked IP addresses are allowed to edit EntitySchema items.
SHAP (words)In MediaWiki through 1. 37 blocked IP addresses are allowed to edit EntitySchema items
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In MediaWiki through 1 . 37 blocked IP addresses are allowed to edit Entity Sc ##hem ##a ite m ##s . [SEP]
LRP (+Pred, pos-only)[CLS] In MediaWiki through 1 . 37 blocked IP addresses are allowed to edit Entity Sc ##hem ##a ite m ##s . [SEP]
LIME (words)In MediaWiki through 1.37 blocked IP addresses are allowed to edit EntitySchema items.
SHAP (words)In MediaWiki through 1. 37 blocked IP addresses are allowed to edit EntitySchema items
#11 · cve_id CVE-2023-40151 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁When ▁user authentication ▁is ▁not ▁enabled ▁the ▁shell ▁can ▁execute ▁commands ▁with ▁the ▁highest ▁privileges . ▁Red ▁Lion ▁Six TRA K ▁and ▁Ver sa TRA K ▁Series RTU ▁ s ▁with authenticated ▁users ▁enabled ▁ ( U DR - A ) ▁any ▁Six net ▁U DR ▁message ▁will ▁meet ▁an authentication ▁challenge ▁over UDP ▁ / IP . ▁When ▁the ▁same ▁message ▁comes ▁over TCP ▁ / IP ▁the RTU ▁will ▁simply ▁accept ▁the ▁message ▁with ▁no authentication ▁challenge . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.
SHAP (words)When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled ( UDR- A) any Sixnet UDR message will meet an authentication challenge over UDP/ IP. When the same message comes over TCP/ IP the RTU will simply accept the message with no authentication challenge
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] When user authentication is not enabled the shell can exec u ##te commands with the highest privileges . Red Lion Six ##TR ##A ##K and Ver sa ##TR ##A ##K Series RTU s with authenticated users enabled ( U ##DR - A ) any Six ##net U ##DR message will meet an authentication challenge over UDP / IP . When the same message comes over TCP / IP the RTU will simply accept the message with no authentication challenge . [SEP]
LRP (+Pred, pos-only)[CLS] When user authentication is not enabled the shell can exec u ##te commands with the highest privileges . Red Lion Six ##TR ##A ##K and Ver sa ##TR ##A ##K Series RTU s with authenticated users enabled ( U ##DR - A ) any Six ##net U ##DR message will meet an authentication challenge over UDP / IP . When the same message comes over TCP / IP the RTU will simply accept the message with no authentication challenge . [SEP]
LIME (words)When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.
SHAP (words)When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled ( UDR- A) any Sixnet UDR message will meet an authentication challenge over UDP/ IP. When the same message comes over TCP/ IP the RTU will simply accept the message with no authentication challenge
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] When user authentication is not enabled the shell can exec u ##te commands with the highest privileges . Red Lion Six ##TR ##A ##K and Ver sa ##TR ##A ##K Series RTU s with authenticated users enabled ( U ##DR - A ) any Six ##net U ##DR message will meet an authentication challenge over UDP / IP . When the same message comes over TCP / IP the RTU will simply accept the message with no authentication challenge . [SEP]
LRP (+Pred, pos-only)[CLS] When user authentication is not enabled the shell can exec u ##te commands with the highest privileges . Red Lion Six ##TR ##A ##K and Ver sa ##TR ##A ##K Series RTU s with authenticated users enabled ( U ##DR - A ) any Six ##net U ##DR message will meet an authentication challenge over UDP / IP . When the same message comes over TCP / IP the RTU will simply accept the message with no authentication challenge . [SEP]
LIME (words)When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.
SHAP (words)When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled ( UDR- A) any Sixnet UDR message will meet an authentication challenge over UDP/ IP. When the same message comes over TCP/ IP the RTU will simply accept the message with no authentication challenge
#12 · cve_id CVE-2023-31140 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Open Pro ject ▁is ▁open ▁source ▁project ▁man a gem ▁ ent ▁software . ▁Starting ▁with ▁version ▁7 . 4 . 0 ▁and ▁prior ▁to ▁version ▁12 . 5 . 4 ▁when ▁a ▁user ▁register s ▁and ▁confirm s ▁their ▁first two-factor authentication ▁ ( 2 FA ) ▁device ▁for ▁an ▁account ▁existing ▁logged ▁in ▁ se ssi ▁on s ▁for ▁that ▁user ▁account ▁are ▁not ▁terminated . ▁Likewise ▁if ▁an admin ▁is tra tors ▁creates ▁a mobi ▁ le ▁phone ▁2 FA ▁device ▁on ▁behalf ▁of ▁a ▁user ▁their ▁existing ▁ se ssi ▁on s ▁are ▁not ▁terminated . ▁The ▁issue ▁has ▁been ▁resolved ▁in ▁Open Pro ject ▁version ▁12 . 5 . 4 ▁by ▁actively ▁ ter minating ▁ se ssi ▁on s ▁of ▁user ▁accounts ▁having ▁registered ▁and ▁confirmed ▁a ▁2 FA ▁device . ▁As ▁a workaround ▁users ▁who ▁register ▁the ▁first ▁2 FA ▁device ▁on ▁their ▁account ▁can ▁manually ▁log ▁out ▁to ▁terminate ▁all ▁other ▁active ▁ se ssi ▁on s . ▁This ▁is ▁the ▁default ▁behavior ▁of ▁Open Pro ject ▁but ▁might ▁be disable ▁ d ▁through ▁a ▁configuration ▁option . ▁Double ▁check ▁that ▁this ▁option ▁is ▁not ▁ ov err ▁ id den ▁if ▁one ▁plans ▁to ▁employ ▁the workaround ▁ . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4 when a user registers and confirms their first two-factor authentication (2FA) device for an account existing logged in sessions for that user account are not terminated. Likewise if an administrators creates a mobile phone 2FA device on behalf of a user their existing sessions are not terminated. The issue has been resolved in OpenProject version 12.5.4 by actively terminating sessions of user accounts having registered and confirmed a 2FA device. As a workaround users who register the first 2FA device on their account can manually log out to terminate all other active sessions. This is the default behavior of OpenProject but might be disabled through a configuration option. Double check that this option is not overridden if one plans to employ the workaround.
SHAP (words)OpenProject is open source project management software. Starting with version 7. 4. 0 and prior to version 12. 5. 4 when a user registers and confirms their first two- factor authentication ( 2FA) device for an account existing logged in sessions for that user account are not terminated. Likewise if an administrators creates a mobile phone 2FA device on behalf of a user their existing sessions are not terminated. The issue has been resolved in OpenProject version 12. 5. 4 by actively terminating sessions of user accounts having registered and confirmed a 2FA device. As a workaround users who register the first 2FA device on their account can manually log out to terminate all other active sessions. This is the default behavior of OpenProject but might be disabled through a configuration option. Double check that this option is not overridden if one plans to employ the workaround
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Open ##P ##ro ##ject is open source project man ##a gem en ##t software . S tar tin ##g with version 7 . 4 . 0 and prior to version 12 . 5 . 4 when a user registers and confirms their first two-factor authentication ( 2 ##FA ) dev ice for an account existing logged in se ssi on ##s for that user account are not terminated . Likewise if an admin is ##tra ##tors creates a mobi le phone 2 ##FA dev ice on behalf of a user their existing se ssi on ##s are not terminated . The issue has been resolved in Open ##P ##ro ##ject version 12 . 5 . 4 by actively terminating se ssi on ##s of user accounts having registered and confirmed a 2 ##FA dev ice . As a workaround users who register the first 2 ##FA dev ice on their account can manually log out to terminate all other active se ssi on ##s . This is the default behavior of Open ##P ##ro ##ject but might be disable d through a config u ##ration option . Double check that this option is not o ##v err id ##den if one plans to employ the workaround . [SEP]
LRP (+Pred, pos-only)[CLS] Open ##P ##ro ##ject is open source project man ##a gem en ##t software . S tar tin ##g with version 7 . 4 . 0 and prior to version 12 . 5 . 4 when a user registers and confirms their first two-factor authentication ( 2 ##FA ) dev ice for an account existing logged in se ssi on ##s for that user account are not terminated . Likewise if an admin is ##tra ##tors creates a mobi le phone 2 ##FA dev ice on behalf of a user their existing se ssi on ##s are not terminated . The issue has been resolved in Open ##P ##ro ##ject version 12 . 5 . 4 by actively terminating se ssi on ##s of user accounts having registered and confirmed a 2 ##FA dev ice . As a workaround users who register the first 2 ##FA dev ice on their account can manually log out to terminate all other active se ssi on ##s . This is the default behavior of Open ##P ##ro ##ject but might be disable d through a config u ##ration option . Double check that this option is not o ##v err id ##den if one plans to employ the workaround . [SEP]
LIME (words)OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4 when a user registers and confirms their first two-factor authentication (2FA) device for an account existing logged in sessions for that user account are not terminated. Likewise if an administrators creates a mobile phone 2FA device on behalf of a user their existing sessions are not terminated. The issue has been resolved in OpenProject version 12.5.4 by actively terminating sessions of user accounts having registered and confirmed a 2FA device. As a workaround users who register the first 2FA device on their account can manually log out to terminate all other active sessions. This is the default behavior of OpenProject but might be disabled through a configuration option. Double check that this option is not overridden if one plans to employ the workaround.
SHAP (words)OpenProject is open source project management software. Starting with version 7. 4. 0 and prior to version 12. 5. 4 when a user registers and confirms their first two- factor authentication ( 2FA) device for an account existing logged in sessions for that user account are not terminated. Likewise if an administrators creates a mobile phone 2FA device on behalf of a user their existing sessions are not terminated. The issue has been resolved in OpenProject version 12. 5. 4 by actively terminating sessions of user accounts having registered and confirmed a 2FA device. As a workaround users who register the first 2FA device on their account can manually log out to terminate all other active sessions. This is the default behavior of OpenProject but might be disabled through a configuration option. Double check that this option is not overridden if one plans to employ the workaround
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Open ##P ##ro ##ject is open source project man ##a gem en ##t software . S tar tin ##g with version 7 . 4 . 0 and prior to version 12 . 5 . 4 when a user registers and confirms their first two-factor authentication ( 2 ##FA ) dev ice for an account existing logged in se ssi on ##s for that user account are not terminated . Likewise if an admin is ##tra ##tors creates a mobi le phone 2 ##FA dev ice on behalf of a user their existing se ssi on ##s are not terminated . The issue has been resolved in Open ##P ##ro ##ject version 12 . 5 . 4 by actively terminating se ssi on ##s of user accounts having registered and confirmed a 2 ##FA dev ice . As a workaround users who register the first 2 ##FA dev ice on their account can manually log out to terminate all other active se ssi on ##s . This is the default behavior of Open ##P ##ro ##ject but might be disable d through a config u ##ration option . Double check that this option is not o ##v err id ##den if one plans to employ the workaround . [SEP]
LRP (+Pred, pos-only)[CLS] Open ##P ##ro ##ject is open source project man ##a gem en ##t software . S tar tin ##g with version 7 . 4 . 0 and prior to version 12 . 5 . 4 when a user registers and confirms their first two-factor authentication ( 2 ##FA ) dev ice for an account existing logged in se ssi on ##s for that user account are not terminated . Likewise if an admin is ##tra ##tors creates a mobi le phone 2 ##FA dev ice on behalf of a user their existing se ssi on ##s are not terminated . The issue has been resolved in Open ##P ##ro ##ject version 12 . 5 . 4 by actively terminating se ssi on ##s of user accounts having registered and confirmed a 2 ##FA dev ice . As a workaround users who register the first 2 ##FA dev ice on their account can manually log out to terminate all other active se ssi on ##s . This is the default behavior of Open ##P ##ro ##ject but might be disable d through a config u ##ration option . Double check that this option is not o ##v err id ##den if one plans to employ the workaround . [SEP]
LIME (words)OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4 when a user registers and confirms their first two-factor authentication (2FA) device for an account existing logged in sessions for that user account are not terminated. Likewise if an administrators creates a mobile phone 2FA device on behalf of a user their existing sessions are not terminated. The issue has been resolved in OpenProject version 12.5.4 by actively terminating sessions of user accounts having registered and confirmed a 2FA device. As a workaround users who register the first 2FA device on their account can manually log out to terminate all other active sessions. This is the default behavior of OpenProject but might be disabled through a configuration option. Double check that this option is not overridden if one plans to employ the workaround.
SHAP (words)OpenProject is open source project management software. Starting with version 7. 4. 0 and prior to version 12. 5. 4 when a user registers and confirms their first two- factor authentication ( 2FA) device for an account existing logged in sessions for that user account are not terminated. Likewise if an administrators creates a mobile phone 2FA device on behalf of a user their existing sessions are not terminated. The issue has been resolved in OpenProject version 12. 5. 4 by actively terminating sessions of user accounts having registered and confirmed a 2FA device. As a workaround users who register the first 2FA device on their account can manually log out to terminate all other active sessions. This is the default behavior of OpenProject but might be disabled through a configuration option. Double check that this option is not overridden if one plans to employ the workaround
#13 · cve_id CVE-2020-2323 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Jenkins ▁Chao s ▁Mon key Plugin ▁0 . 4 ▁and ▁earlier ▁does ▁not ▁perform ▁per mi ssi ▁on ▁checks ▁in ▁an HTTP endpoint ▁allowing ▁attackers ▁with ▁Overall / Read ▁per mi ssi ▁on ▁to ▁access ▁the ▁Chao s ▁Mon key ▁page ▁and ▁to ▁see ▁the ▁history ▁of ▁actions . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.
SHAP (words)Jenkins Chaos Monkey Plugin 0. 4 and earlier does not perform permission checks in an HTTP endpoint allowing attackers with Overall/ Read permission to access the Chaos Monkey page and to see the history of actions
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Jenkins Chaos Monkey Plugin 0 . 4 and earlier does not perform per ##mi ssi on checks in an HTTP endpoint allowing attackers with Overall / Read per ##mi ssi on to access the Chaos Monkey page and to see the history of actions . [SEP]
LRP (+Pred, pos-only)[CLS] Jenkins Chaos Monkey Plugin 0 . 4 and earlier does not perform per ##mi ssi on checks in an HTTP endpoint allowing attackers with Overall / Read per ##mi ssi on to access the Chaos Monkey page and to see the history of actions . [SEP]
LIME (words)Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.
SHAP (words)Jenkins Chaos Monkey Plugin 0. 4 and earlier does not perform permission checks in an HTTP endpoint allowing attackers with Overall/ Read permission to access the Chaos Monkey page and to see the history of actions
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Jenkins Chaos Monkey Plugin 0 . 4 and earlier does not perform per ##mi ssi on checks in an HTTP endpoint allowing attackers with Overall / Read per ##mi ssi on to access the Chaos Monkey page and to see the history of actions . [SEP]
LRP (+Pred, pos-only)[CLS] Jenkins Chaos Monkey Plugin 0 . 4 and earlier does not perform per ##mi ssi on checks in an HTTP endpoint allowing attackers with Overall / Read per ##mi ssi on to access the Chaos Monkey page and to see the history of actions . [SEP]
LIME (words)Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.
SHAP (words)Jenkins Chaos Monkey Plugin 0. 4 and earlier does not perform permission checks in an HTTP endpoint allowing attackers with Overall/ Read permission to access the Chaos Monkey page and to see the history of actions
#14 · cve_id CVE-2023-2878 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Kubernetes ▁secrets - store -c ▁ si - driver ▁in ▁versions ▁before ▁1 . 3 . 3 discloses ▁service ▁account tokens ▁in ▁logs . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.
SHAP (words)Kubernetes secrets- store- csi- driver in versions before 1. 3. 3 discloses service account tokens in logs
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Kubernetes secrets - store -c si - driver in versions before 1 . 3 . 3 discloses service account tokens in logs . [SEP]
LRP (+Pred, pos-only)[CLS] Kubernetes secrets - store -c si - driver in versions before 1 . 3 . 3 discloses service account tokens in logs . [SEP]
LIME (words)Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.
SHAP (words)Kubernetes secrets- store- csi- driver in versions before 1. 3. 3 discloses service account tokens in logs
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Kubernetes secrets - store -c si - driver in versions before 1 . 3 . 3 discloses service account tokens in logs . [SEP]
LRP (+Pred, pos-only)[CLS] Kubernetes secrets - store -c si - driver in versions before 1 . 3 . 3 discloses service account tokens in logs . [SEP]
LIME (words)Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs.
SHAP (words)Kubernetes secrets- store- csi- driver in versions before 1. 3. 3 discloses service account tokens in logs
#15 · cve_id CVE-2021-42635 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Printer Log ▁ ic ▁Web Stack ▁versions ▁19 . 1 . 1 . 13 ▁SP 9 ▁and ▁below ▁use ▁a hardcoded ▁ APP _ KEY ▁value ▁leading ▁to ▁pre - auth ▁remote ▁code ▁execution . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value leading to pre-auth remote code execution.
SHAP (words)PrinterLogic Web Stack versions 19. 1. 1. 13 SP9 and below use a hardcoded APP_KEY value leading to pre- auth remote code execution
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Printer Log i ##c Web Stack versions 19 . 1 . 1 . 13 SP ##9 and below use a hardcoded APP _ K ##E ##Y value leading to pre - auth remote code exec u ##tion . [SEP]
LRP (+Pred, pos-only)[CLS] Printer Log i ##c Web Stack versions 19 . 1 . 1 . 13 SP ##9 and below use a hardcoded APP _ K ##E ##Y value leading to pre - auth remote code exec u ##tion . [SEP]
LIME (words)PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value leading to pre-auth remote code execution.
SHAP (words)PrinterLogic Web Stack versions 19. 1. 1. 13 SP9 and below use a hardcoded APP_KEY value leading to pre- auth remote code execution
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Printer Log i ##c Web Stack versions 19 . 1 . 1 . 13 SP ##9 and below use a hardcoded APP _ K ##E ##Y value leading to pre - auth remote code exec u ##tion . [SEP]
LRP (+Pred, pos-only)[CLS] Printer Log i ##c Web Stack versions 19 . 1 . 1 . 13 SP ##9 and below use a hardcoded APP _ K ##E ##Y value leading to pre - auth remote code exec u ##tion . [SEP]
LIME (words)PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value leading to pre-auth remote code execution.
SHAP (words)PrinterLogic Web Stack versions 19. 1. 1. 13 SP9 and below use a hardcoded APP_KEY value leading to pre- auth remote code execution
#16 · cve_id CVE-2022-23768 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁This Vulnerability ▁in ▁NI S - H AP 11 AC ▁is ▁caused ▁by ▁an ▁exposed ▁external ▁port ▁for ▁the telnet ▁service . Remote ▁attackers ▁use ▁this ▁vulnerability ▁to ▁induce ▁all ▁attacks ▁such ▁as ▁source ▁code hijacking ▁remote ▁control ▁of ▁the ▁device . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking remote control of the device.
SHAP (words)This Vulnerability in NIS- HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking remote control of the device
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] This Vulnerability in N ##IS - HA P ##11 ##AC is caused by an exposed external port for the telnet service . Remote attackers use this vulnerability to induce all attacks such as source code hijacking remote control of the dev ice . [SEP]
LRP (+Pred, pos-only)[CLS] This Vulnerability in N ##IS - HA P ##11 ##AC is caused by an exposed external port for the telnet service . Remote attackers use this vulnerability to induce all attacks such as source code hijacking remote control of the dev ice . [SEP]
LIME (words)This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking remote control of the device.
SHAP (words)This Vulnerability in NIS- HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking remote control of the device
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] This Vulnerability in N ##IS - HA P ##11 ##AC is caused by an exposed external port for the telnet service . Remote attackers use this vulnerability to induce all attacks such as source code hijacking remote control of the dev ice . [SEP]
LRP (+Pred, pos-only)[CLS] This Vulnerability in N ##IS - HA P ##11 ##AC is caused by an exposed external port for the telnet service . Remote attackers use this vulnerability to induce all attacks such as source code hijacking remote control of the dev ice . [SEP]
LIME (words)This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking remote control of the device.
SHAP (words)This Vulnerability in NIS- HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking remote control of the device
#17 · cve_id CVE-2020-6419 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Out ▁of ▁bound s ▁write ▁in ▁V 8 ▁in ▁Google Chrome ▁prior ▁to ▁81 . 0 . 40 44 . 92 ▁allowed ▁a ▁remote ▁attacker ▁to ▁potentially ▁exploit ▁heap ▁corruption ▁via ▁a ▁crafted HTML ▁page . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
SHAP (words)Out of bounds write in V8 in Google Chrome prior to 81. 0. 4044. 92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Out of bounds w ##r ite in V8 in Google Chrome prior to 81 . 0 . 404 ##4 . 92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . [SEP]
LRP (+Pred, pos-only)[CLS] Out of bounds w ##r ite in V8 in Google Chrome prior to 81 . 0 . 404 ##4 . 92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . [SEP]
LIME (words)Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
SHAP (words)Out of bounds write in V8 in Google Chrome prior to 81. 0. 4044. 92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Out of bounds w ##r ite in V8 in Google Chrome prior to 81 . 0 . 404 ##4 . 92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . [SEP]
LRP (+Pred, pos-only)[CLS] Out of bounds w ##r ite in V8 in Google Chrome prior to 81 . 0 . 404 ##4 . 92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page . [SEP]
LIME (words)Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
SHAP (words)Out of bounds write in V8 in Google Chrome prior to 81. 0. 4044. 92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page
#18 · cve_id CVE-2024-22592 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Fly Cms ▁v 1 . 0 ▁contains ▁a Cross-Site Request Forgery ▁ ( CSRF ▁ ) ▁vulnerability ▁via ▁ / system / user / group _ up date <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update
SHAP (words)FlyCms v1. 0 contains a Cross- Site Request Forgery ( CSRF) vulnerability via / system/ user/ group_update
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Fly Cms v ##1 . 0 contains a Cross-Site Request Forgery ( CSRF ) vulnerability via / system / user / group _ update [SEP]
LRP (+Pred, pos-only)[CLS] Fly Cms v ##1 . 0 contains a Cross-Site Request Forgery ( CSRF ) vulnerability via / system / user / group _ update [SEP]
LIME (words)FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update
SHAP (words)FlyCms v1. 0 contains a Cross- Site Request Forgery ( CSRF) vulnerability via / system/ user/ group_update
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Fly Cms v ##1 . 0 contains a Cross-Site Request Forgery ( CSRF ) vulnerability via / system / user / group _ update [SEP]
LRP (+Pred, pos-only)[CLS] Fly Cms v ##1 . 0 contains a Cross-Site Request Forgery ( CSRF ) vulnerability via / system / user / group _ update [SEP]
LIME (words)FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update
SHAP (words)FlyCms v1. 0 contains a Cross- Site Request Forgery ( CSRF) vulnerability via / system/ user/ group_update
#19 · cve_id CVE-2023-33653 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Sitecore ▁Experience Plat ▁form ▁ ( XP ▁ ) ▁v 9 . 3 ▁was ▁di sc ▁over ed ▁to ▁contain ▁an authenticated ▁remote ▁code ▁execution ▁ ( RCE ▁ ) ▁vulnerability ▁via ▁the ▁component ▁ / A p plication s / Con tent % 20 Manage ▁ r / Execute ▁ . a sp x ? cmd ▁= con vert & mode = HTML ▁ . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML.
SHAP (words)Sitecore Experience Platform ( XP) v9. 3 was discovered to contain an authenticated remote code execution ( RCE) vulnerability via the component / Applications/ Content% 20Manager/ Execute. aspx? cmd= convert& mode= HTML
lrp-bert · Pred=CHANGED (1) · p=0.99 FP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Sitecore Experience Plat form ( XP ) v ##9 . 3 was di sc over ##ed to contain an authenticated remote code exec u ##tion ( RCE ) vulnerability via the component / App l ##ica ##tions / Content % 20 Manage r / Execute . as ##p ##x ? cmd = convert & mod e = HTML . [SEP]
LRP (+Pred, pos-only)[CLS] Sitecore Experience Plat form ( XP ) v ##9 . 3 was di sc over ##ed to contain an authenticated remote code exec u ##tion ( RCE ) vulnerability via the component / App l ##ica ##tions / Content % 20 Manage r / Execute . as ##p ##x ? cmd = convert & mod e = HTML . [SEP]
LIME (words)Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML.
SHAP (words)Sitecore Experience Platform ( XP) v9. 3 was discovered to contain an authenticated remote code execution ( RCE) vulnerability via the component / Applications/ Content% 20Manager/ Execute. aspx? cmd= convert& mode= HTML
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Sitecore Experience Plat form ( XP ) v ##9 . 3 was di sc over ##ed to contain an authenticated remote code exec u ##tion ( RCE ) vulnerability via the component / App l ##ica ##tions / Content % 20 Manage r / Execute . as ##p ##x ? cmd = convert & mod e = HTML . [SEP]
LRP (+Pred, pos-only)[CLS] Sitecore Experience Plat form ( XP ) v ##9 . 3 was di sc over ##ed to contain an authenticated remote code exec u ##tion ( RCE ) vulnerability via the component / App l ##ica ##tions / Content % 20 Manage r / Execute . as ##p ##x ? cmd = convert & mod e = HTML . [SEP]
LIME (words)Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML.
SHAP (words)Sitecore Experience Platform ( XP) v9. 3 was discovered to contain an authenticated remote code execution ( RCE) vulnerability via the component / Applications/ Content% 20Manager/ Execute. aspx? cmd= convert& mode= HTML
#20 · cve_id CVE-2019-8589 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁This ▁issue ▁was ▁addressed ▁with ▁improved ▁checks . ▁This ▁issue ▁is ▁fixed ▁in macOS Mojave ▁10 . 14 . 5 . ▁A malicious ▁application ▁may ▁bypass Gatekeeper ▁checks . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.5. A malicious application may bypass Gatekeeper checks.
SHAP (words)This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10. 14. 5. A malicious application may bypass Gatekeeper checks
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] This issue was addressed with improved checks . This issue is fixed in macOS Mojave 10 . 14 . 5 . A malicious application may bypass Gatekeeper checks . [SEP]
LRP (+Pred, pos-only)[CLS] This issue was addressed with improved checks . This issue is fixed in macOS Mojave 10 . 14 . 5 . A malicious application may bypass Gatekeeper checks . [SEP]
LIME (words)This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.5. A malicious application may bypass Gatekeeper checks.
SHAP (words)This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10. 14. 5. A malicious application may bypass Gatekeeper checks
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] This issue was addressed with improved checks . This issue is fixed in macOS Mojave 10 . 14 . 5 . A malicious application may bypass Gatekeeper checks . [SEP]
LRP (+Pred, pos-only)[CLS] This issue was addressed with improved checks . This issue is fixed in macOS Mojave 10 . 14 . 5 . A malicious application may bypass Gatekeeper checks . [SEP]
LIME (words)This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.5. A malicious application may bypass Gatekeeper checks.
SHAP (words)This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10. 14. 5. A malicious application may bypass Gatekeeper checks
#21 · cve_id CVE-2023-22347 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Out - of - bound ▁read ▁vulnerability ▁exists ▁in ▁Screen Creator Advan ▁ ce ▁2 ▁Ver . 0 . 1 . 1 . 4 Build ▁ 01 ▁and ▁earlier ▁because ▁the ▁end ▁of ▁data ▁cannot ▁be ▁verified ▁when ▁pro ce ssi ▁ ng ▁file ▁structure ▁in for matio ▁ n . ▁Having ▁a ▁user ▁of ▁Screen Creator Advan ▁ ce ▁2 ▁to ▁open ▁a spec ▁ i ally ▁crafted ▁project ▁file ▁may ▁lead ▁to ▁in for matio ▁ n ▁di sc ▁ los ure ▁and / or ▁arbitrary ▁code ▁execution . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
SHAP (words)Out- of- bound read vulnerability exists in Screen Creator Advance 2 Ver. 0. 1. 1. 4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/ or arbitrary code execution
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Out - of - bound read vulnerability exists in Screen Creator Advan c ##e 2 Ver . 0 . 1 . 1 . 4 Build 01 and earlier because the end of data cannot be verified when pro ##ce ssi ng file struct u ##re info ##r matio n . Having a user of Screen Creator Advan c ##e 2 to open a spec i ##ally crafted project file may lead to info ##r matio n di sc los ##ure and / or arbitrary code exec u ##tion . [SEP]
LRP (+Pred, pos-only)[CLS] Out - of - bound read vulnerability exists in Screen Creator Advan c ##e 2 Ver . 0 . 1 . 1 . 4 Build 01 and earlier because the end of data cannot be verified when pro ##ce ssi ng file struct u ##re info ##r matio n . Having a user of Screen Creator Advan c ##e 2 to open a spec i ##ally crafted project file may lead to info ##r matio n di sc los ##ure and / or arbitrary code exec u ##tion . [SEP]
LIME (words)Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
SHAP (words)Out- of- bound read vulnerability exists in Screen Creator Advance 2 Ver. 0. 1. 1. 4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/ or arbitrary code execution
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Out - of - bound read vulnerability exists in Screen Creator Advan c ##e 2 Ver . 0 . 1 . 1 . 4 Build 01 and earlier because the end of data cannot be verified when pro ##ce ssi ng file struct u ##re info ##r matio n . Having a user of Screen Creator Advan c ##e 2 to open a spec i ##ally crafted project file may lead to info ##r matio n di sc los ##ure and / or arbitrary code exec u ##tion . [SEP]
LRP (+Pred, pos-only)[CLS] Out - of - bound read vulnerability exists in Screen Creator Advan c ##e 2 Ver . 0 . 1 . 1 . 4 Build 01 and earlier because the end of data cannot be verified when pro ##ce ssi ng file struct u ##re info ##r matio n . Having a user of Screen Creator Advan c ##e 2 to open a spec i ##ally crafted project file may lead to info ##r matio n di sc los ##ure and / or arbitrary code exec u ##tion . [SEP]
LIME (words)Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
SHAP (words)Out- of- bound read vulnerability exists in Screen Creator Advance 2 Ver. 0. 1. 1. 4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/ or arbitrary code execution
#22 · cve_id CVE-2023-38316 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁An ▁issue ▁was ▁di sc ▁over ed ▁in ▁Open ND S Captive ▁Portal ▁before ▁version ▁10 . 1 . 2 . ▁When ▁the ▁custom ▁ une sc ▁a pe callback ▁is ▁enabled ▁attackers ▁can ▁execute ▁arbitrary ▁OS ▁commands ▁by inserting ▁them ▁into ▁the URL ▁portion ▁of HTTP ▁ GET ▁requests . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests.
SHAP (words)An issue was discovered in OpenNDS Captive Portal before version 10. 1. 2. When the custom unescape callback is enabled attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed in Open ##ND ##S Captive Portal before version 10 . 1 . 2 . When the custom une sc a ##pe callback is enabled attackers can exec u ##te arbitrary OS commands by inserting them int o the URL portion of HTTP GET requests . [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed in Open ##ND ##S Captive Portal before version 10 . 1 . 2 . When the custom une sc a ##pe callback is enabled attackers can exec u ##te arbitrary OS commands by inserting them int o the URL portion of HTTP GET requests . [SEP]
LIME (words)An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests.
SHAP (words)An issue was discovered in OpenNDS Captive Portal before version 10. 1. 2. When the custom unescape callback is enabled attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests
lrp-distilbert · Pred=UNCHANGED (0) · p=0.98 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed in Open ##ND ##S Captive Portal before version 10 . 1 . 2 . When the custom une sc a ##pe callback is enabled attackers can exec u ##te arbitrary OS commands by inserting them int o the URL portion of HTTP GET requests . [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed in Open ##ND ##S Captive Portal before version 10 . 1 . 2 . When the custom une sc a ##pe callback is enabled attackers can exec u ##te arbitrary OS commands by inserting them int o the URL portion of HTTP GET requests . [SEP]
LIME (words)An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests.
SHAP (words)An issue was discovered in OpenNDS Captive Portal before version 10. 1. 2. When the custom unescape callback is enabled attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests
#23 · cve_id CVE-2021-2136 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Vulnerability ▁in ▁the ▁Oracle WebLogic ▁Server ▁product ▁of ▁Oracle ▁Fusion Middleware ▁ ( com ponent : ▁Core ) . Supported ▁versions ▁that ▁are ▁affected ▁are ▁12 . 1 . 3 . 0 . 0 ▁12 . 2 . 1 . 3 . 0 ▁12 . 2 . 1 . 4 . 0 ▁and ▁14 . 1 . 1 . 0 . 0 . Easily exploitable ▁vulnerability ▁allows unauthenticated ▁attacker ▁with ▁network ▁access ▁via IIOP ▁to ▁compromise ▁Oracle WebLogic ▁Server . Successful ▁attacks ▁of ▁this ▁vulnerability ▁can ▁result ▁in ▁takeover ▁of ▁Oracle WebLogic ▁Server . CVSS ▁3 . 1 ▁Base ▁Score ▁9 . 8 ▁ ( Con fid ▁ ential ity Integrity ▁and Availability ▁impacts ) . CVSS Vector ▁ : ▁ ( CVSS ▁ : 3 . 1/ AV : N / AC : L / PR : N / UI ▁ : N / S : U / C : H / I : H / A : H ) . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0 12.2.1.3.0 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
SHAP (words)Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware ( component: Core). Supported versions that are affected are 12. 1. 3. 0. 0 12. 2. 1. 3. 0 12. 2. 1. 4. 0 and 14. 1. 1. 0. 0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3. 1 Base Score 9. 8 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: N/ UI: N/ S: U/ C: H/ I: H/ A: H
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware ( component : Core ) . Supported versions that are affected are 12 . 1 . 3 . 0 . 0 12 . 2 . 1 . 3 . 0 12 . 2 . 1 . 4 . 0 and 14 . 1 . 1 . 0 . 0 . Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server . Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server . CVSS 3 . 1 Base Score 9 . 8 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : N / UI : N / S : U / C : H / I : H / A : H ) . [SEP]
LRP (+Pred, pos-only)[CLS] Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware ( component : Core ) . Supported versions that are affected are 12 . 1 . 3 . 0 . 0 12 . 2 . 1 . 3 . 0 12 . 2 . 1 . 4 . 0 and 14 . 1 . 1 . 0 . 0 . Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server . Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server . CVSS 3 . 1 Base Score 9 . 8 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : N / UI : N / S : U / C : H / I : H / A : H ) . [SEP]
LIME (words)Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0 12.2.1.3.0 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
SHAP (words)Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware ( component: Core). Supported versions that are affected are 12. 1. 3. 0. 0 12. 2. 1. 3. 0 12. 2. 1. 4. 0 and 14. 1. 1. 0. 0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3. 1 Base Score 9. 8 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: N/ UI: N/ S: U/ C: H/ I: H/ A: H
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware ( component : Core ) . Supported versions that are affected are 12 . 1 . 3 . 0 . 0 12 . 2 . 1 . 3 . 0 12 . 2 . 1 . 4 . 0 and 14 . 1 . 1 . 0 . 0 . Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server . Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server . CVSS 3 . 1 Base Score 9 . 8 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : N / UI : N / S : U / C : H / I : H / A : H ) . [SEP]
LRP (+Pred, pos-only)[CLS] Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware ( component : Core ) . Supported versions that are affected are 12 . 1 . 3 . 0 . 0 12 . 2 . 1 . 3 . 0 12 . 2 . 1 . 4 . 0 and 14 . 1 . 1 . 0 . 0 . Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server . Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server . CVSS 3 . 1 Base Score 9 . 8 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : N / UI : N / S : U / C : H / I : H / A : H ) . [SEP]
LIME (words)Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0 12.2.1.3.0 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
SHAP (words)Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware ( component: Core). Supported versions that are affected are 12. 1. 3. 0. 0 12. 2. 1. 3. 0 12. 2. 1. 4. 0 and 14. 1. 1. 0. 0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3. 1 Base Score 9. 8 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: N/ UI: N/ S: U/ C: H/ I: H/ A: H
#24 · cve_id CVE-2022-1002 · s
GT=CHANGED (1)
xlnet · Pred=UNCHANGED (0) · p=0.99 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Mattermost ▁6 . 3 . 0 ▁and ▁earlier ▁fails ▁to ▁properly sanitize ▁the HTML ▁content ▁in ▁the ▁email ▁invitation ▁sent ▁to ▁guest ▁users ▁which ▁allows ▁registered ▁users ▁with spec ▁ ial permissions ▁to ▁invite ▁guest ▁users ▁to inject unescaped HTML ▁content ▁in ▁the ▁email ▁invitation s . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.
SHAP (words)Mattermost 6. 3. 0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations
lrp-bert · Pred=CHANGED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Mattermost 6 . 3 . 0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users which allows registered users with spec i ##al permissions to in ##v ite guest users to inject unescaped HTML content in the email invitation ##s . [SEP]
LRP (+Pred, pos-only)[CLS] Mattermost 6 . 3 . 0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users which allows registered users with spec i ##al permissions to in ##v ite guest users to inject unescaped HTML content in the email invitation ##s . [SEP]
LIME (words)Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.
SHAP (words)Mattermost 6. 3. 0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations
lrp-distilbert · Pred=CHANGED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Mattermost 6 . 3 . 0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users which allows registered users with spec i ##al permissions to in ##v ite guest users to inject unescaped HTML content in the email invitation ##s . [SEP]
LRP (+Pred, pos-only)[CLS] Mattermost 6 . 3 . 0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users which allows registered users with spec i ##al permissions to in ##v ite guest users to inject unescaped HTML content in the email invitation ##s . [SEP]
LIME (words)Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.
SHAP (words)Mattermost 6. 3. 0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations
#25 · cve_id CVE-2023-28559 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Memory ▁corruption ▁in WLAN ▁ FW ▁while ▁pro ce ssi ▁ ng ▁command param ▁ eter s ▁from untrusted WMI ▁payload . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.
SHAP (words)Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Memory corruption in WLAN FW while pro ##ce ssi ng command param et ##ers from untrusted WMI payload . [SEP]
LRP (+Pred, pos-only)[CLS] Memory corruption in WLAN FW while pro ##ce ssi ng command param et ##ers from untrusted WMI payload . [SEP]
LIME (words)Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.
SHAP (words)Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Memory corruption in WLAN FW while pro ##ce ssi ng command param et ##ers from untrusted WMI payload . [SEP]
LRP (+Pred, pos-only)[CLS] Memory corruption in WLAN FW while pro ##ce ssi ng command param et ##ers from untrusted WMI payload . [SEP]
LIME (words)Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload.
SHAP (words)Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload
#26 · cve_id CVE-2021-20793 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Untrusted ▁search ▁path ▁vulnerability ▁in ▁the installer ▁of ▁Sony ▁Audio ▁USB ▁Driver ▁V 1 . 10 ▁and ▁prior ▁and ▁the installer ▁of ▁H AP ▁Music ▁Transfer ▁Ver . 1 . 3 . 0 ▁and ▁prior ▁allows ▁an ▁attacker ▁to ▁gain ▁privileges ▁and ▁execute ▁arbitrary ▁code ▁via ▁a ▁Trojan ▁horse DLL ▁in ▁an unspecified ▁directory . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
SHAP (words)Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1. 10 and prior and the installer of HAP Music Transfer Ver. 1. 3. 0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Untrusted search path vulnerability in the installer of Sony Audio USB Driver V ##1 . 10 and prior and the installer of HA P Music Transfer Ver . 1 . 3 . 0 and prior allows an attacker to gain privileges and exec u ##te arbitrary code via a Trojan horse DLL in an unspecified directory . [SEP]
LRP (+Pred, pos-only)[CLS] Untrusted search path vulnerability in the installer of Sony Audio USB Driver V ##1 . 10 and prior and the installer of HA P Music Transfer Ver . 1 . 3 . 0 and prior allows an attacker to gain privileges and exec u ##te arbitrary code via a Trojan horse DLL in an unspecified directory . [SEP]
LIME (words)Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
SHAP (words)Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1. 10 and prior and the installer of HAP Music Transfer Ver. 1. 3. 0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Untrusted search path vulnerability in the installer of Sony Audio USB Driver V ##1 . 10 and prior and the installer of HA P Music Transfer Ver . 1 . 3 . 0 and prior allows an attacker to gain privileges and exec u ##te arbitrary code via a Trojan horse DLL in an unspecified directory . [SEP]
LRP (+Pred, pos-only)[CLS] Untrusted search path vulnerability in the installer of Sony Audio USB Driver V ##1 . 10 and prior and the installer of HA P Music Transfer Ver . 1 . 3 . 0 and prior allows an attacker to gain privileges and exec u ##te arbitrary code via a Trojan horse DLL in an unspecified directory . [SEP]
LIME (words)Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
SHAP (words)Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1. 10 and prior and the installer of HAP Music Transfer Ver. 1. 3. 0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory
#27 · cve_id CVE-2023-44150 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Exposure ▁of Sensitive ▁In for matio ▁ n ▁to ▁an Unauthorized ▁Actor ▁vulnerability ▁in ▁Profile Press ▁Membership ▁Team Paid ▁Membership Plugin Ecommerce Registration ▁Form Login ▁Form User ▁Profile ▁& ▁Re strict ▁Content ▁ – ▁Profile Press . This ▁issue ▁affects Paid ▁Membership Plugin Ecommerce Registration ▁Form Login ▁Form User ▁Profile ▁& ▁Re strict ▁Content ▁ – ▁Profile Press : ▁from ▁ n / a ▁through ▁4 . 13 . 2 . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin Ecommerce Registration Form Login Form User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin Ecommerce Registration Form Login Form User Profile & Restrict Content – ProfilePress: from n/a through 4.13.2.
SHAP (words)Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin Ecommerce Registration Form Login Form User Profile & Restrict Content – ProfilePress. This issue affects Paid Membership Plugin Ecommerce Registration Form Login Form User Profile & Restrict Content – ProfilePress: from n/ a through 4. 13. 2
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Exposure of Sensitive In ##fo ##r matio n to an Unauthorized Actor vulnerability in Profile ##P ##ress Members ##h ip Team Paid Members ##h ip Plugin Ecommerce Registration Form Login Form User Profile & Rest ##ric ##t Content – Profile ##P ##ress . This issue affects Paid Members ##h ip Plugin Ecommerce Registration Form Login Form User Profile & Rest ##ric ##t Content – Profile ##P ##ress : from n / a through 4 . 13 . 2 . [SEP]
LRP (+Pred, pos-only)[CLS] Exposure of Sensitive In ##fo ##r matio n to an Unauthorized Actor vulnerability in Profile ##P ##ress Members ##h ip Team Paid Members ##h ip Plugin Ecommerce Registration Form Login Form User Profile & Rest ##ric ##t Content – Profile ##P ##ress . This issue affects Paid Members ##h ip Plugin Ecommerce Registration Form Login Form User Profile & Rest ##ric ##t Content – Profile ##P ##ress : from n / a through 4 . 13 . 2 . [SEP]
LIME (words)Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin Ecommerce Registration Form Login Form User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin Ecommerce Registration Form Login Form User Profile & Restrict Content – ProfilePress: from n/a through 4.13.2.
SHAP (words)Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin Ecommerce Registration Form Login Form User Profile & Restrict Content – ProfilePress. This issue affects Paid Membership Plugin Ecommerce Registration Form Login Form User Profile & Restrict Content – ProfilePress: from n/ a through 4. 13. 2
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Exposure of Sensitive In ##fo ##r matio n to an Unauthorized Actor vulnerability in Profile ##P ##ress Members ##h ip Team Paid Members ##h ip Plugin Ecommerce Registration Form Login Form User Profile & Rest ##ric ##t Content – Profile ##P ##ress . This issue affects Paid Members ##h ip Plugin Ecommerce Registration Form Login Form User Profile & Rest ##ric ##t Content – Profile ##P ##ress : from n / a through 4 . 13 . 2 . [SEP]
LRP (+Pred, pos-only)[CLS] Exposure of Sensitive In ##fo ##r matio n to an Unauthorized Actor vulnerability in Profile ##P ##ress Members ##h ip Team Paid Members ##h ip Plugin Ecommerce Registration Form Login Form User Profile & Rest ##ric ##t Content – Profile ##P ##ress . This issue affects Paid Members ##h ip Plugin Ecommerce Registration Form Login Form User Profile & Rest ##ric ##t Content – Profile ##P ##ress : from n / a through 4 . 13 . 2 . [SEP]
LIME (words)Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin Ecommerce Registration Form Login Form User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin Ecommerce Registration Form Login Form User Profile & Restrict Content – ProfilePress: from n/a through 4.13.2.
SHAP (words)Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin Ecommerce Registration Form Login Form User Profile & Restrict Content – ProfilePress. This issue affects Paid Membership Plugin Ecommerce Registration Form Login Form User Profile & Restrict Content – ProfilePress: from n/ a through 4. 13. 2
#28 · cve_id CVE-2022-46631 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁TO TO link ▁A 7 100 RU ▁V 7 . 4 cu . 23 13 _ B 20 19 10 24 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a ▁command inject ▁ ion ▁vulnerability ▁via ▁the ▁ w sc ▁Dis able d param ▁ eter ▁in ▁the ▁setting / set WiFi ▁Signal C f g ▁function . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.
SHAP (words)TOTOlink A7100RU V7. 4cu. 2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/ setWiFiSignalCfg function
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] TO ##TO ##link A ##7 ##100 ##R ##U V ##7 . 4 ##cu . 231 ##3 _ B ##20 ##19 ##10 ##24 was di sc over ##ed to contain a command inject ion vulnerability via the w sc Di ##sable ##d param et ##er in the setting / set WiFi Signal ##C ##f ##g function . [SEP]
LRP (+Pred, pos-only)[CLS] TO ##TO ##link A ##7 ##100 ##R ##U V ##7 . 4 ##cu . 231 ##3 _ B ##20 ##19 ##10 ##24 was di sc over ##ed to contain a command inject ion vulnerability via the w sc Di ##sable ##d param et ##er in the setting / set WiFi Signal ##C ##f ##g function . [SEP]
LIME (words)TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.
SHAP (words)TOTOlink A7100RU V7. 4cu. 2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/ setWiFiSignalCfg function
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] TO ##TO ##link A ##7 ##100 ##R ##U V ##7 . 4 ##cu . 231 ##3 _ B ##20 ##19 ##10 ##24 was di sc over ##ed to contain a command inject ion vulnerability via the w sc Di ##sable ##d param et ##er in the setting / set WiFi Signal ##C ##f ##g function . [SEP]
LRP (+Pred, pos-only)[CLS] TO ##TO ##link A ##7 ##100 ##R ##U V ##7 . 4 ##cu . 231 ##3 _ B ##20 ##19 ##10 ##24 was di sc over ##ed to contain a command inject ion vulnerability via the w sc Di ##sable ##d param et ##er in the setting / set WiFi Signal ##C ##f ##g function . [SEP]
LIME (words)TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.
SHAP (words)TOTOlink A7100RU V7. 4cu. 2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/ setWiFiSignalCfg function
#29 · cve_id CVE-2023-49956 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁An ▁issue ▁was ▁di sc ▁over ed ▁in ▁Dal mann ▁ OC PP . Co re ▁before ▁1 . 3 . 0 ▁for ▁ OC PP ▁ ( Open ▁Charge ▁Point ▁Protocol ) ▁for ▁electric ▁vehicles . ▁A ▁Stop Transaction ▁message ▁with ▁any ▁random ▁transaction I d terminates ▁active ▁transactions . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. A StopTransaction message with any random transactionId terminates active transactions.
SHAP (words)An issue was discovered in Dalmann OCPP. Core before 1. 3. 0 for OCPP ( Open Charge Point Protocol) for electric vehicles. A StopTransaction message with any random transactionId terminates active transactions
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed in Dal ##mann O ##CP ##P . Core before 1 . 3 . 0 for O ##CP ##P ( Open Charge Po int Protocol ) for electric vehicles . A Stop Transaction message with any random transaction ##I ##d terminates active transactions . [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed in Dal ##mann O ##CP ##P . Core before 1 . 3 . 0 for O ##CP ##P ( Open Charge Po int Protocol ) for electric vehicles . A Stop Transaction message with any random transaction ##I ##d terminates active transactions . [SEP]
LIME (words)An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. A StopTransaction message with any random transactionId terminates active transactions.
SHAP (words)An issue was discovered in Dalmann OCPP. Core before 1. 3. 0 for OCPP ( Open Charge Point Protocol) for electric vehicles. A StopTransaction message with any random transactionId terminates active transactions
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed in Dal ##mann O ##CP ##P . Core before 1 . 3 . 0 for O ##CP ##P ( Open Charge Po int Protocol ) for electric vehicles . A Stop Transaction message with any random transaction ##I ##d terminates active transactions . [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed in Dal ##mann O ##CP ##P . Core before 1 . 3 . 0 for O ##CP ##P ( Open Charge Po int Protocol ) for electric vehicles . A Stop Transaction message with any random transaction ##I ##d terminates active transactions . [SEP]
LIME (words)An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. A StopTransaction message with any random transactionId terminates active transactions.
SHAP (words)An issue was discovered in Dalmann OCPP. Core before 1. 3. 0 for OCPP ( Open Charge Point Protocol) for electric vehicles. A StopTransaction message with any random transactionId terminates active transactions
#30 · cve_id CVE-2023-2874 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A ▁vulnerability ▁which ▁was ▁ cla ssi ▁ fi ed ▁as ▁problematic ▁has ▁been ▁found ▁in ▁T wi ster Antivirus ▁8 . ▁This ▁issue ▁affects ▁the ▁function ▁0 x 80 4 f 21 58 / 0 x 80 4 f 21 54 / 0 x 80 4 f 21 50 / 0 x 80 4 f 2 15 c / 0 x 80 4 f 21 60 / 0 x 80 800 0 40 / 0 x 80 4 f 214 c / 0 x 80 4 f 21 48 / 0 x 80 4 f 214 4/ 0 x 80 11 20 e 4/ 0 x 80 4 f 213 c / 0 x 80 4 f 21 40 ▁in ▁the ▁library ▁ fil pp d . sys ▁of ▁the ▁component ▁I o Control Co de Handler ▁ . ▁The ▁manipulation ▁leads ▁to ▁denial ▁of ▁service . ▁At ta cking ▁locally ▁is ▁a ▁requirement . ▁The ▁exploit ▁has ▁been disclose ▁ d ▁to ▁the ▁public ▁and ▁may ▁be ▁used . ▁The identifier ▁V DB - 22 98 53 ▁was ▁a ssi ▁ gne d ▁to ▁this ▁vulnerability . NOT ▁E : ▁The ▁vendor ▁was ▁contacted ▁early ▁about ▁this ▁di sc ▁ los ure ▁but ▁did ▁not ▁respond ▁in ▁any ▁way . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A vulnerability which was classified as problematic has been found in Twister Antivirus 8. This issue affects the function 0x804f2158/0x804f2154/0x804f2150/0x804f215c/0x804f2160/0x80800040/0x804f214c/0x804f2148/0x804f2144/0x801120e4/0x804f213c/0x804f2140 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-229853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SHAP (words)A vulnerability which was classified as problematic has been found in Twister Antivirus 8. This issue affects the function 0x804f2158/ 0x804f2154/ 0x804f2150/ 0x804f215c/ 0x804f2160/ 0x80800040/ 0x804f214c/ 0x804f2148/ 0x804f2144/ 0x801120e4/ 0x804f213c/ 0x804f2140 in the library filppd. sys of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB- 229853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A vulnerability which was c ##la ssi fi ##ed as problematic has been found in T ##wi ##ster Antivirus 8 . This issue affects the function 0 ##x ##80 ##4 ##f ##21 ##5 ##8 / 0 ##x ##80 ##4 ##f ##21 ##5 ##4 / 0 ##x ##80 ##4 ##f ##21 ##50 / 0 ##x ##80 ##4 ##f ##21 ##5 ##c / 0 ##x ##80 ##4 ##f ##21 ##60 / 0 ##x ##80 ##80 ##00 ##40 / 0 ##x ##80 ##4 ##f ##21 ##4 ##c / 0 ##x ##80 ##4 ##f ##21 ##48 / 0 ##x ##80 ##4 ##f ##21 ##44 / 0 ##x ##80 ##11 ##20 ##e ##4 / 0 ##x ##80 ##4 ##f ##21 ##3 ##c / 0 ##x ##80 ##4 ##f ##21 ##40 in the library fi ##l ##pp ##d . s ##ys of the component I ##o ##C ##ont ##rol ##C ##ode Handler . The man ip ul ##ation leads to denial of service . Attack ##ing locally is a requirement . The exploit has been disclose d to the public and may be used . The identifier V ##D ##B - 229 ##8 ##53 was a ssi g ##ned to this vulnerability . NOT E : The vendor was contacted early about this di sc los ##ure but did not respond in any way . [SEP]
LRP (+Pred, pos-only)[CLS] A vulnerability which was c ##la ssi fi ##ed as problematic has been found in T ##wi ##ster Antivirus 8 . This issue affects the function 0 ##x ##80 ##4 ##f ##21 ##5 ##8 / 0 ##x ##80 ##4 ##f ##21 ##5 ##4 / 0 ##x ##80 ##4 ##f ##21 ##50 / 0 ##x ##80 ##4 ##f ##21 ##5 ##c / 0 ##x ##80 ##4 ##f ##21 ##60 / 0 ##x ##80 ##80 ##00 ##40 / 0 ##x ##80 ##4 ##f ##21 ##4 ##c / 0 ##x ##80 ##4 ##f ##21 ##48 / 0 ##x ##80 ##4 ##f ##21 ##44 / 0 ##x ##80 ##11 ##20 ##e ##4 / 0 ##x ##80 ##4 ##f ##21 ##3 ##c / 0 ##x ##80 ##4 ##f ##21 ##40 in the library fi ##l ##pp ##d . s ##ys of the component I ##o ##C ##ont ##rol ##C ##ode Handler . The man ip ul ##ation leads to denial of service . Attack ##ing locally is a requirement . The exploit has been disclose d to the public and may be used . The identifier V ##D ##B - 229 ##8 ##53 was a ssi g ##ned to this vulnerability . NOT E : The vendor was contacted early about this di sc los ##ure but did not respond in any way . [SEP]
LIME (words)A vulnerability which was classified as problematic has been found in Twister Antivirus 8. This issue affects the function 0x804f2158/0x804f2154/0x804f2150/0x804f215c/0x804f2160/0x80800040/0x804f214c/0x804f2148/0x804f2144/0x801120e4/0x804f213c/0x804f2140 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-229853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SHAP (words)A vulnerability which was classified as problematic has been found in Twister Antivirus 8. This issue affects the function 0x804f2158/ 0x804f2154/ 0x804f2150/ 0x804f215c/ 0x804f2160/ 0x80800040/ 0x804f214c/ 0x804f2148/ 0x804f2144/ 0x801120e4/ 0x804f213c/ 0x804f2140 in the library filppd. sys of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB- 229853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A vulnerability which was c ##la ssi fi ##ed as problematic has been found in T ##wi ##ster Antivirus 8 . This issue affects the function 0 ##x ##80 ##4 ##f ##21 ##5 ##8 / 0 ##x ##80 ##4 ##f ##21 ##5 ##4 / 0 ##x ##80 ##4 ##f ##21 ##50 / 0 ##x ##80 ##4 ##f ##21 ##5 ##c / 0 ##x ##80 ##4 ##f ##21 ##60 / 0 ##x ##80 ##80 ##00 ##40 / 0 ##x ##80 ##4 ##f ##21 ##4 ##c / 0 ##x ##80 ##4 ##f ##21 ##48 / 0 ##x ##80 ##4 ##f ##21 ##44 / 0 ##x ##80 ##11 ##20 ##e ##4 / 0 ##x ##80 ##4 ##f ##21 ##3 ##c / 0 ##x ##80 ##4 ##f ##21 ##40 in the library fi ##l ##pp ##d . s ##ys of the component I ##o ##C ##ont ##rol ##C ##ode Handler . The man ip ul ##ation leads to denial of service . Attack ##ing locally is a requirement . The exploit has been disclose d to the public and may be used . The identifier V ##D ##B - 229 ##8 ##53 was a ssi g ##ned to this vulnerability . NOT E : The vendor was contacted early about this di sc los ##ure but did not respond in any way . [SEP]
LRP (+Pred, pos-only)[CLS] A vulnerability which was c ##la ssi fi ##ed as problematic has been found in T ##wi ##ster Antivirus 8 . This issue affects the function 0 ##x ##80 ##4 ##f ##21 ##5 ##8 / 0 ##x ##80 ##4 ##f ##21 ##5 ##4 / 0 ##x ##80 ##4 ##f ##21 ##50 / 0 ##x ##80 ##4 ##f ##21 ##5 ##c / 0 ##x ##80 ##4 ##f ##21 ##60 / 0 ##x ##80 ##80 ##00 ##40 / 0 ##x ##80 ##4 ##f ##21 ##4 ##c / 0 ##x ##80 ##4 ##f ##21 ##48 / 0 ##x ##80 ##4 ##f ##21 ##44 / 0 ##x ##80 ##11 ##20 ##e ##4 / 0 ##x ##80 ##4 ##f ##21 ##3 ##c / 0 ##x ##80 ##4 ##f ##21 ##40 in the library fi ##l ##pp ##d . s ##ys of the component I ##o ##C ##ont ##rol ##C ##ode Handler . The man ip ul ##ation leads to denial of service . Attack ##ing locally is a requirement . The exploit has been disclose d to the public and may be used . The identifier V ##D ##B - 229 ##8 ##53 was a ssi g ##ned to this vulnerability . NOT E : The vendor was contacted early about this di sc los ##ure but did not respond in any way . [SEP]
LIME (words)A vulnerability which was classified as problematic has been found in Twister Antivirus 8. This issue affects the function 0x804f2158/0x804f2154/0x804f2150/0x804f215c/0x804f2160/0x80800040/0x804f214c/0x804f2148/0x804f2144/0x801120e4/0x804f213c/0x804f2140 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-229853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SHAP (words)A vulnerability which was classified as problematic has been found in Twister Antivirus 8. This issue affects the function 0x804f2158/ 0x804f2154/ 0x804f2150/ 0x804f215c/ 0x804f2160/ 0x80800040/ 0x804f214c/ 0x804f2148/ 0x804f2144/ 0x801120e4/ 0x804f213c/ 0x804f2140 in the library filppd. sys of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB- 229853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way
#31 · cve_id CVE-2023-20806 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁In ▁ h c p ▁there ▁is ▁a ▁po ssi ▁ ble ▁out ▁of ▁bound s ▁write ▁due ▁to ▁a ▁mi ssi ▁ ng ▁bound s ▁check . ▁This ▁could ▁lead ▁to ▁local escalation ▁of ▁privilege ▁with ▁System ▁execution ▁privileges ▁needed . User ▁interaction ▁is ▁not ▁needed ▁for ▁exploitation . ▁Patch ▁ID : ▁AL PS 07 340 43 3 ; ▁Issue ▁ID : ▁AL PS 07 53 74 37 . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)In hcp there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437.
SHAP (words)In hcp there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In h ##c ##p there is a p ##o ssi b ##le out of bounds w ##r ite due to a mi ssi ng bounds check . This could lead to local escalation of privilege with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Patch ID : AL ##PS ##0 ##7 ##34 ##0 ##43 ##3 ; Issue ID : AL ##PS ##0 ##75 ##37 ##43 ##7 . [SEP]
LRP (+Pred, pos-only)[CLS] In h ##c ##p there is a p ##o ssi b ##le out of bounds w ##r ite due to a mi ssi ng bounds check . This could lead to local escalation of privilege with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Patch ID : AL ##PS ##0 ##7 ##34 ##0 ##43 ##3 ; Issue ID : AL ##PS ##0 ##75 ##37 ##43 ##7 . [SEP]
LIME (words)In hcp there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437.
SHAP (words)In hcp there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In h ##c ##p there is a p ##o ssi b ##le out of bounds w ##r ite due to a mi ssi ng bounds check . This could lead to local escalation of privilege with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Patch ID : AL ##PS ##0 ##7 ##34 ##0 ##43 ##3 ; Issue ID : AL ##PS ##0 ##75 ##37 ##43 ##7 . [SEP]
LRP (+Pred, pos-only)[CLS] In h ##c ##p there is a p ##o ssi b ##le out of bounds w ##r ite due to a mi ssi ng bounds check . This could lead to local escalation of privilege with System exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Patch ID : AL ##PS ##0 ##7 ##34 ##0 ##43 ##3 ; Issue ID : AL ##PS ##0 ##75 ##37 ##43 ##7 . [SEP]
LIME (words)In hcp there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437.
SHAP (words)In hcp there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437
#32 · cve_id CVE-2019-10589 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Lack ▁of ▁length ▁check ▁of ▁response ▁buffer ▁can ▁lead ▁to ▁buffer ▁over - flow ▁while ▁GP ▁command ▁response ▁buffer ▁handling ▁in Snapdragon ▁Auto Snapdragon Compute Snapdragon Connectivity Snapdragon ▁Consumer IOT Snapdragon ▁Industrial IOT Snapdragon ▁Mobile Snapdragon ▁Voice ▁& ▁Music Snapdragon Wired ▁Infrastructure ▁and Networking ▁in ▁AP Q 80 17 ▁AP Q 80 53 ▁AP Q 80 98 MDM ▁9 206 MDM ▁96 07 MSM ▁89 17 MSM ▁89 20 MSM ▁89 37 MSM ▁89 40 MSM ▁89 53 MSM ▁89 98 ▁Q M 2 15 ▁ S DA 660 ▁ S DM 4 29 ▁ S DM 4 39 ▁ S DM 450 ▁ S DM 6 30 ▁ S DM 63 2 ▁ S DM 6 36 ▁ S DM 660 <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Lack of length check of response buffer can lead to buffer over-flow while GP command response buffer handling in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Consumer IOT Snapdragon Industrial IOT Snapdragon Mobile Snapdragon Voice & Music Snapdragon Wired Infrastructure and Networking in APQ8017 APQ8053 APQ8098 MDM9206 MDM9607 MSM8917 MSM8920 MSM8937 MSM8940 MSM8953 MSM8998 QM215 SDA660 SDM429 SDM439 SDM450 SDM630 SDM632 SDM636 SDM660
SHAP (words)Lack of length check of response buffer can lead to buffer over- flow while GP command response buffer handling in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Consumer IOT Snapdragon Industrial IOT Snapdragon Mobile Snapdragon Voice & Music Snapdragon Wired Infrastructure and Networking in APQ8017 APQ8053 APQ8098 MDM9206 MDM9607 MSM8917 MSM8920 MSM8937 MSM8940 MSM8953 MSM8998 QM215 SDA660 SDM429 SDM439 SDM450 SDM630 SDM632 SDM636 SDM660
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Lack of length check of response buffer can lead to buffer over - flow while GP command response buffer handling in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Consumer IOT Snapdragon Industrial IOT Snapdragon Mobile Snapdragon Voice & Music Snapdragon Wired In ##fra struct u ##re and Networking in AP ##Q ##80 ##17 AP ##Q ##80 ##53 AP ##Q ##80 ##9 ##8 MDM 92 ##0 ##6 MDM 96 ##0 ##7 MSM 89 ##17 MSM 89 ##20 MSM 89 ##37 MSM 89 ##40 MSM 89 ##53 MSM 89 ##9 ##8 Q ##M ##21 ##5 SD ##A ##6 ##60 S DM 42 ##9 S DM 43 ##9 S DM 450 S DM 630 S DM 63 ##2 S DM 63 ##6 S DM 660 [SEP]
LRP (+Pred, pos-only)[CLS] Lack of length check of response buffer can lead to buffer over - flow while GP command response buffer handling in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Consumer IOT Snapdragon Industrial IOT Snapdragon Mobile Snapdragon Voice & Music Snapdragon Wired In ##fra struct u ##re and Networking in AP ##Q ##80 ##17 AP ##Q ##80 ##53 AP ##Q ##80 ##9 ##8 MDM 92 ##0 ##6 MDM 96 ##0 ##7 MSM 89 ##17 MSM 89 ##20 MSM 89 ##37 MSM 89 ##40 MSM 89 ##53 MSM 89 ##9 ##8 Q ##M ##21 ##5 SD ##A ##6 ##60 S DM 42 ##9 S DM 43 ##9 S DM 450 S DM 630 S DM 63 ##2 S DM 63 ##6 S DM 660 [SEP]
LIME (words)Lack of length check of response buffer can lead to buffer over-flow while GP command response buffer handling in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Consumer IOT Snapdragon Industrial IOT Snapdragon Mobile Snapdragon Voice & Music Snapdragon Wired Infrastructure and Networking in APQ8017 APQ8053 APQ8098 MDM9206 MDM9607 MSM8917 MSM8920 MSM8937 MSM8940 MSM8953 MSM8998 QM215 SDA660 SDM429 SDM439 SDM450 SDM630 SDM632 SDM636 SDM660
SHAP (words)Lack of length check of response buffer can lead to buffer over- flow while GP command response buffer handling in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Consumer IOT Snapdragon Industrial IOT Snapdragon Mobile Snapdragon Voice & Music Snapdragon Wired Infrastructure and Networking in APQ8017 APQ8053 APQ8098 MDM9206 MDM9607 MSM8917 MSM8920 MSM8937 MSM8940 MSM8953 MSM8998 QM215 SDA660 SDM429 SDM439 SDM450 SDM630 SDM632 SDM636 SDM660
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Lack of length check of response buffer can lead to buffer over - flow while GP command response buffer handling in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Consumer IOT Snapdragon Industrial IOT Snapdragon Mobile Snapdragon Voice & Music Snapdragon Wired In ##fra struct u ##re and Networking in AP ##Q ##80 ##17 AP ##Q ##80 ##53 AP ##Q ##80 ##9 ##8 MDM 92 ##0 ##6 MDM 96 ##0 ##7 MSM 89 ##17 MSM 89 ##20 MSM 89 ##37 MSM 89 ##40 MSM 89 ##53 MSM 89 ##9 ##8 Q ##M ##21 ##5 SD ##A ##6 ##60 S DM 42 ##9 S DM 43 ##9 S DM 450 S DM 630 S DM 63 ##2 S DM 63 ##6 S DM 660 [SEP]
LRP (+Pred, pos-only)[CLS] Lack of length check of response buffer can lead to buffer over - flow while GP command response buffer handling in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Consumer IOT Snapdragon Industrial IOT Snapdragon Mobile Snapdragon Voice & Music Snapdragon Wired In ##fra struct u ##re and Networking in AP ##Q ##80 ##17 AP ##Q ##80 ##53 AP ##Q ##80 ##9 ##8 MDM 92 ##0 ##6 MDM 96 ##0 ##7 MSM 89 ##17 MSM 89 ##20 MSM 89 ##37 MSM 89 ##40 MSM 89 ##53 MSM 89 ##9 ##8 Q ##M ##21 ##5 SD ##A ##6 ##60 S DM 42 ##9 S DM 43 ##9 S DM 450 S DM 630 S DM 63 ##2 S DM 63 ##6 S DM 660 [SEP]
LIME (words)Lack of length check of response buffer can lead to buffer over-flow while GP command response buffer handling in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Consumer IOT Snapdragon Industrial IOT Snapdragon Mobile Snapdragon Voice & Music Snapdragon Wired Infrastructure and Networking in APQ8017 APQ8053 APQ8098 MDM9206 MDM9607 MSM8917 MSM8920 MSM8937 MSM8940 MSM8953 MSM8998 QM215 SDA660 SDM429 SDM439 SDM450 SDM630 SDM632 SDM636 SDM660
SHAP (words)Lack of length check of response buffer can lead to buffer over- flow while GP command response buffer handling in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Consumer IOT Snapdragon Industrial IOT Snapdragon Mobile Snapdragon Voice & Music Snapdragon Wired Infrastructure and Networking in APQ8017 APQ8053 APQ8098 MDM9206 MDM9607 MSM8917 MSM8920 MSM8937 MSM8940 MSM8953 MSM8998 QM215 SDA660 SDM429 SDM439 SDM450 SDM630 SDM632 SDM636 SDM660
#33 · cve_id CVE-2021-32089 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁An ▁issue ▁was ▁di sc ▁over ed ▁on ▁Ze bra ▁ ( formerly Motorola Solution ▁ s ) Fixed RFID ▁Reader ▁ FX 95 00 ▁devices . ▁An unauthenticated ▁attacker ▁can upload ▁arbitrary ▁files ▁to ▁the filesystem ▁that ▁can ▁then ▁be ▁accessed ▁through ▁the ▁web ▁interface . ▁This ▁can ▁lead ▁to ▁in for matio ▁ n ▁di sc ▁ los ure ▁and ▁code ▁execution . NOT ▁E : ▁This ▁vulnerability ▁only ▁affects ▁products ▁that ▁are ▁no ▁longer ▁supported ▁by ▁the maintainer <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information disclosure and code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
SHAP (words)An issue was discovered on Zebra ( formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information disclosure and code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed on Z ##eb ##ra ( formerly Motorola Solution s ) Fixed RFID Reader FX ##9 ##500 dev ice ##s . An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web int er ##face . This can lead to info ##r matio n di sc los ##ure and code exec u ##tion . NOT E : This vulnerability only affects products that are no longer supported by the maintainer [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed on Z ##eb ##ra ( formerly Motorola Solution s ) Fixed RFID Reader FX ##9 ##500 dev ice ##s . An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web int er ##face . This can lead to info ##r matio n di sc los ##ure and code exec u ##tion . NOT E : This vulnerability only affects products that are no longer supported by the maintainer [SEP]
LIME (words)An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information disclosure and code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
SHAP (words)An issue was discovered on Zebra ( formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information disclosure and code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
lrp-distilbert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed on Z ##eb ##ra ( formerly Motorola Solution s ) Fixed RFID Reader FX ##9 ##500 dev ice ##s . An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web int er ##face . This can lead to info ##r matio n di sc los ##ure and code exec u ##tion . NOT E : This vulnerability only affects products that are no longer supported by the maintainer [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed on Z ##eb ##ra ( formerly Motorola Solution s ) Fixed RFID Reader FX ##9 ##500 dev ice ##s . An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web int er ##face . This can lead to info ##r matio n di sc los ##ure and code exec u ##tion . NOT E : This vulnerability only affects products that are no longer supported by the maintainer [SEP]
LIME (words)An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information disclosure and code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
SHAP (words)An issue was discovered on Zebra ( formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information disclosure and code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
#34 · cve_id CVE-2023-34228 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁In JetBrains TeamCity ▁before ▁20 23 . 05 authentication ▁checks ▁were ▁mi ssi ▁ ng ▁ – ▁2 FA ▁was ▁not ▁checked ▁for ▁some ▁sensitive ▁account ▁actions <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
SHAP (words)In JetBrains TeamCity before 2023. 05 authentication checks were missing – 2FA was not checked for some sensitive account actions
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In JetBrains TeamCity before 202 ##3 . 05 authentication checks were mi ssi ng – 2 ##FA was not checked for some sensitive account actions [SEP]
LRP (+Pred, pos-only)[CLS] In JetBrains TeamCity before 202 ##3 . 05 authentication checks were mi ssi ng – 2 ##FA was not checked for some sensitive account actions [SEP]
LIME (words)In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
SHAP (words)In JetBrains TeamCity before 2023. 05 authentication checks were missing – 2FA was not checked for some sensitive account actions
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In JetBrains TeamCity before 202 ##3 . 05 authentication checks were mi ssi ng – 2 ##FA was not checked for some sensitive account actions [SEP]
LRP (+Pred, pos-only)[CLS] In JetBrains TeamCity before 202 ##3 . 05 authentication checks were mi ssi ng – 2 ##FA was not checked for some sensitive account actions [SEP]
LIME (words)In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
SHAP (words)In JetBrains TeamCity before 2023. 05 authentication checks were missing – 2FA was not checked for some sensitive account actions
#35 · cve_id CVE-2022-32035 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Tenda ▁M 3 ▁V 1 . 0 . 0 . 12 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a ▁stack overflow ▁via ▁the ▁function ▁form Master M ng . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng.
SHAP (words)Tenda M3 V1. 0. 0. 12 was discovered to contain a stack overflow via the function formMasterMng
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Tenda M ##3 V ##1 . 0 . 0 . 12 was di sc over ##ed to contain a stack overflow via the function form ##M ##aster ##M ##ng . [SEP]
LRP (+Pred, pos-only)[CLS] Tenda M ##3 V ##1 . 0 . 0 . 12 was di sc over ##ed to contain a stack overflow via the function form ##M ##aster ##M ##ng . [SEP]
LIME (words)Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng.
SHAP (words)Tenda M3 V1. 0. 0. 12 was discovered to contain a stack overflow via the function formMasterMng
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Tenda M ##3 V ##1 . 0 . 0 . 12 was di sc over ##ed to contain a stack overflow via the function form ##M ##aster ##M ##ng . [SEP]
LRP (+Pred, pos-only)[CLS] Tenda M ##3 V ##1 . 0 . 0 . 12 was di sc over ##ed to contain a stack overflow via the function form ##M ##aster ##M ##ng . [SEP]
LIME (words)Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng.
SHAP (words)Tenda M3 V1. 0. 0. 12 was discovered to contain a stack overflow via the function formMasterMng
#36 · cve_id CVE-2022-47437 · s
GT=CHANGED (1)
xlnet · Pred=CHANGED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Auth ▁ . ▁ ( admin ▁+ ) Stored Cross-Site Scripting ▁ ( XSS ▁ ) ▁vulnerability ▁in ▁Bran ko ▁Bor il ovic ▁W SB ▁Brand s plugin ▁< = ▁1 . 1 . 8 ▁versions . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Branko Borilovic WSB Brands plugin <= 1.1.8 versions.
SHAP (words)Auth. ( admin+) Stored Cross- Site Scripting ( XSS) vulnerability in Branko Borilovic WSB Brands plugin <= 1. 1. 8 versions
lrp-bert · Pred=CHANGED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Auth . ( admin + ) Stored Cross-Site Scripting ( XSS ) vulnerability in B ##rank ##o Bo ##ril ##ov ##ic W ##SB Brand ##s plugin < = 1 . 1 . 8 versions . [SEP]
LRP (+Pred, pos-only)[CLS] Auth . ( admin + ) Stored Cross-Site Scripting ( XSS ) vulnerability in B ##rank ##o Bo ##ril ##ov ##ic W ##SB Brand ##s plugin < = 1 . 1 . 8 versions . [SEP]
LIME (words)Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Branko Borilovic WSB Brands plugin <= 1.1.8 versions.
SHAP (words)Auth. ( admin+) Stored Cross- Site Scripting ( XSS) vulnerability in Branko Borilovic WSB Brands plugin <= 1. 1. 8 versions
lrp-distilbert · Pred=CHANGED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Auth . ( admin + ) Stored Cross-Site Scripting ( XSS ) vulnerability in B ##rank ##o Bo ##ril ##ov ##ic W ##SB Brand ##s plugin < = 1 . 1 . 8 versions . [SEP]
LRP (+Pred, pos-only)[CLS] Auth . ( admin + ) Stored Cross-Site Scripting ( XSS ) vulnerability in B ##rank ##o Bo ##ril ##ov ##ic W ##SB Brand ##s plugin < = 1 . 1 . 8 versions . [SEP]
LIME (words)Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Branko Borilovic WSB Brands plugin <= 1.1.8 versions.
SHAP (words)Auth. ( admin+) Stored Cross- Site Scripting ( XSS) vulnerability in Branko Borilovic WSB Brands plugin <= 1. 1. 8 versions
#37 · cve_id CVE-2023-46560 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)TOTOLINK ▁X 2000 R ▁G h ▁v 1 . 0 . 0 - B 20 2 30 221 . 09 48 . web ▁was ▁di sc ▁over ed ▁to ▁contain ▁a ▁stack overflow ▁via ▁the ▁function ▁form T c pi p Setup ▁ . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup.
SHAP (words)TOTOLINK X2000R Gh v1. 0. 0- B20230221. 0948. web was discovered to contain a stack overflow via the function formTcpipSetup
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] TOTOLINK X ##20 ##00 ##R G ##h v ##1 . 0 . 0 - B ##20 ##23 ##0 ##22 ##1 . 09 ##48 . web was di sc over ##ed to contain a stack overflow via the function form ##T ##c ##p ip Setup . [SEP]
LRP (+Pred, pos-only)[CLS] TOTOLINK X ##20 ##00 ##R G ##h v ##1 . 0 . 0 - B ##20 ##23 ##0 ##22 ##1 . 09 ##48 . web was di sc over ##ed to contain a stack overflow via the function form ##T ##c ##p ip Setup . [SEP]
LIME (words)TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup.
SHAP (words)TOTOLINK X2000R Gh v1. 0. 0- B20230221. 0948. web was discovered to contain a stack overflow via the function formTcpipSetup
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] TOTOLINK X ##20 ##00 ##R G ##h v ##1 . 0 . 0 - B ##20 ##23 ##0 ##22 ##1 . 09 ##48 . web was di sc over ##ed to contain a stack overflow via the function form ##T ##c ##p ip Setup . [SEP]
LRP (+Pred, pos-only)[CLS] TOTOLINK X ##20 ##00 ##R G ##h v ##1 . 0 . 0 - B ##20 ##23 ##0 ##22 ##1 . 09 ##48 . web was di sc over ##ed to contain a stack overflow via the function form ##T ##c ##p ip Setup . [SEP]
LIME (words)TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup.
SHAP (words)TOTOLINK X2000R Gh v1. 0. 0- B20230221. 0948. web was discovered to contain a stack overflow via the function formTcpipSetup
#38 · cve_id CVE-2023-5046 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Improper Neutralization ▁of ▁Special ▁ Element s ▁used ▁in ▁an ▁ SQL ▁Command ▁ ( ' SQL Injection ▁ ' ) ▁vulnerability ▁in ▁Bil ta y ▁Technology ▁Pro cost ▁allows ▁ SQL Injection ▁Command ▁Line Execution ▁through ▁ SQL Injection ▁ . This ▁issue ▁affects ▁Pro cost : ▁before ▁13 90 . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection Command Line Execution through SQL Injection.This issue affects Procost: before 1390.
SHAP (words)Improper Neutralization of Special Elements used in an SQL Command (' SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection Command Line Execution through SQL Injection. This issue affects Procost: before 1390
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Improper Neutralization of Special Element s used in an SQL Command ( ' SQL Injection ' ) vulnerability in B ##ilt ##ay Technology Pro ##cos ##t allows SQL Injection Command Line Execution through SQL Injection . This issue affects Pro ##cos ##t : before 139 ##0 . [SEP]
LRP (+Pred, pos-only)[CLS] Improper Neutralization of Special Element s used in an SQL Command ( ' SQL Injection ' ) vulnerability in B ##ilt ##ay Technology Pro ##cos ##t allows SQL Injection Command Line Execution through SQL Injection . This issue affects Pro ##cos ##t : before 139 ##0 . [SEP]
LIME (words)Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection Command Line Execution through SQL Injection.This issue affects Procost: before 1390.
SHAP (words)Improper Neutralization of Special Elements used in an SQL Command (' SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection Command Line Execution through SQL Injection. This issue affects Procost: before 1390
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Improper Neutralization of Special Element s used in an SQL Command ( ' SQL Injection ' ) vulnerability in B ##ilt ##ay Technology Pro ##cos ##t allows SQL Injection Command Line Execution through SQL Injection . This issue affects Pro ##cos ##t : before 139 ##0 . [SEP]
LRP (+Pred, pos-only)[CLS] Improper Neutralization of Special Element s used in an SQL Command ( ' SQL Injection ' ) vulnerability in B ##ilt ##ay Technology Pro ##cos ##t allows SQL Injection Command Line Execution through SQL Injection . This issue affects Pro ##cos ##t : before 139 ##0 . [SEP]
LIME (words)Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection Command Line Execution through SQL Injection.This issue affects Procost: before 1390.
SHAP (words)Improper Neutralization of Special Elements used in an SQL Command (' SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection Command Line Execution through SQL Injection. This issue affects Procost: before 1390
#39 · cve_id CVE-2020-9933 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁An auth ▁or ization ▁issue ▁was ▁addressed ▁with ▁improved ▁state ▁man a gem ▁ ent . ▁This ▁issue ▁is ▁fixed ▁in ▁iOS ▁13 . 6 ▁and iPadOS ▁13 . 6 tvOS ▁13 . 4 . 8 watchOS ▁6 . 2 . 8 . ▁A malicious ▁application ▁may ▁be ▁able ▁to ▁read ▁sensitive ▁location ▁in for matio ▁ n . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6 tvOS 13.4.8 watchOS 6.2.8. A malicious application may be able to read sensitive location information.
SHAP (words)An authorization issue was addressed with improved state management. This issue is fixed in iOS 13. 6 and iPadOS 13. 6 tvOS 13. 4. 8 watchOS 6. 2. 8. A malicious application may be able to read sensitive location information
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An auth or ##ization issue was addressed with improved state man ##a gem en ##t . This issue is fixed in iOS 13 . 6 and iPadOS 13 . 6 tvOS 13 . 4 . 8 watchOS 6 . 2 . 8 . A malicious application may be able to read sensitive location info ##r matio n . [SEP]
LRP (+Pred, pos-only)[CLS] An auth or ##ization issue was addressed with improved state man ##a gem en ##t . This issue is fixed in iOS 13 . 6 and iPadOS 13 . 6 tvOS 13 . 4 . 8 watchOS 6 . 2 . 8 . A malicious application may be able to read sensitive location info ##r matio n . [SEP]
LIME (words)An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6 tvOS 13.4.8 watchOS 6.2.8. A malicious application may be able to read sensitive location information.
SHAP (words)An authorization issue was addressed with improved state management. This issue is fixed in iOS 13. 6 and iPadOS 13. 6 tvOS 13. 4. 8 watchOS 6. 2. 8. A malicious application may be able to read sensitive location information
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An auth or ##ization issue was addressed with improved state man ##a gem en ##t . This issue is fixed in iOS 13 . 6 and iPadOS 13 . 6 tvOS 13 . 4 . 8 watchOS 6 . 2 . 8 . A malicious application may be able to read sensitive location info ##r matio n . [SEP]
LRP (+Pred, pos-only)[CLS] An auth or ##ization issue was addressed with improved state man ##a gem en ##t . This issue is fixed in iOS 13 . 6 and iPadOS 13 . 6 tvOS 13 . 4 . 8 watchOS 6 . 2 . 8 . A malicious application may be able to read sensitive location info ##r matio n . [SEP]
LIME (words)An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6 tvOS 13.4.8 watchOS 6.2.8. A malicious application may be able to read sensitive location information.
SHAP (words)An authorization issue was addressed with improved state management. This issue is fixed in iOS 13. 6 and iPadOS 13. 6 tvOS 13. 4. 8 watchOS 6. 2. 8. A malicious application may be able to read sensitive location information
#40 · cve_id CVE-2022-46623 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Ju dging Manage ▁ ment ▁System ▁v 1 . 0 . 0 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a ▁ SQL inject ▁ ion ▁vulnerability ▁via ▁the username param ▁ eter . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the username parameter.
SHAP (words)Judging Management System v1. 0. 0 was discovered to contain a SQL injection vulnerability via the username parameter
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Ju ##dging Manage men ##t System v ##1 . 0 . 0 was di sc over ##ed to contain a SQL inject ion vulnerability via the username param et ##er . [SEP]
LRP (+Pred, pos-only)[CLS] Ju ##dging Manage men ##t System v ##1 . 0 . 0 was di sc over ##ed to contain a SQL inject ion vulnerability via the username param et ##er . [SEP]
LIME (words)Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the username parameter.
SHAP (words)Judging Management System v1. 0. 0 was discovered to contain a SQL injection vulnerability via the username parameter
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Ju ##dging Manage men ##t System v ##1 . 0 . 0 was di sc over ##ed to contain a SQL inject ion vulnerability via the username param et ##er . [SEP]
LRP (+Pred, pos-only)[CLS] Ju ##dging Manage men ##t System v ##1 . 0 . 0 was di sc over ##ed to contain a SQL inject ion vulnerability via the username param et ##er . [SEP]
LIME (words)Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the username parameter.
SHAP (words)Judging Management System v1. 0. 0 was discovered to contain a SQL injection vulnerability via the username parameter
#41 · cve_id CVE-2020-10702 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A flaw ▁was ▁found ▁in QEMU ▁in ▁the ▁implementation ▁of ▁the Pointer Authentication ▁ ( P Auth ▁ ) ▁support ▁for ▁ ARM ▁introduced ▁in ▁version ▁4 . 0 ▁and ▁fixed ▁in ▁version ▁5 . 0 . 0 . ▁A ▁general ▁failure ▁of ▁the ▁signature ▁generation ▁process ▁caused ▁every ▁P Auth ▁ - en force d ▁ pointer ▁to ▁be ▁signed ▁with ▁the ▁same ▁signature . ▁A ▁local ▁attacker ▁could ▁obtain ▁the ▁signature ▁of ▁a ▁protected ▁ pointer ▁and ▁abuse ▁this flaw ▁to ▁bypass ▁P Auth ▁protection ▁for ▁all ▁programs ▁running ▁on QEMU ▁ . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU.
SHAP (words)A flaw was found in QEMU in the implementation of the Pointer Authentication ( PAuth) support for ARM introduced in version 4. 0 and fixed in version 5. 0. 0. A general failure of the signature generation process caused every PAuth- enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A flaw was found in QEMU in the implementation of the Pointer Authentication ( P Auth ) support for ARM int rod ##uce ##d in version 4 . 0 and fixed in version 5 . 0 . 0 . A general failure of the signature generation process caused every P Auth - enforced pointer to be signed with the same signature . A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass P Auth protection for all programs running on QEMU . [SEP]
LRP (+Pred, pos-only)[CLS] A flaw was found in QEMU in the implementation of the Pointer Authentication ( P Auth ) support for ARM int rod ##uce ##d in version 4 . 0 and fixed in version 5 . 0 . 0 . A general failure of the signature generation process caused every P Auth - enforced pointer to be signed with the same signature . A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass P Auth protection for all programs running on QEMU . [SEP]
LIME (words)A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU.
SHAP (words)A flaw was found in QEMU in the implementation of the Pointer Authentication ( PAuth) support for ARM introduced in version 4. 0 and fixed in version 5. 0. 0. A general failure of the signature generation process caused every PAuth- enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU
lrp-distilbert · Pred=UNCHANGED (0) · p=0.78 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A flaw was found in QEMU in the implementation of the Pointer Authentication ( P Auth ) support for ARM int rod ##uce ##d in version 4 . 0 and fixed in version 5 . 0 . 0 . A general failure of the signature generation process caused every P Auth - enforced pointer to be signed with the same signature . A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass P Auth protection for all programs running on QEMU . [SEP]
LRP (+Pred, pos-only)[CLS] A flaw was found in QEMU in the implementation of the Pointer Authentication ( P Auth ) support for ARM int rod ##uce ##d in version 4 . 0 and fixed in version 5 . 0 . 0 . A general failure of the signature generation process caused every P Auth - enforced pointer to be signed with the same signature . A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass P Auth protection for all programs running on QEMU . [SEP]
LIME (words)A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU.
SHAP (words)A flaw was found in QEMU in the implementation of the Pointer Authentication ( PAuth) support for ARM introduced in version 4. 0 and fixed in version 5. 0. 0. A general failure of the signature generation process caused every PAuth- enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU
#42 · cve_id CVE-2023-5673 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁The ▁ WP ▁Mail Log WordPress plugin ▁before ▁1 . 1 . 3 ▁does ▁not ▁properly validate ▁file ▁extensions uploading ▁files ▁to ▁attach ▁to ▁emails ▁allowing ▁attackers ▁to upload PHP ▁files ▁leading ▁to ▁remote ▁code ▁execution . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails allowing attackers to upload PHP files leading to remote code execution.
SHAP (words)The WP Mail Log WordPress plugin before 1. 1. 3 does not properly validate file extensions uploading files to attach to emails allowing attackers to upload PHP files leading to remote code execution
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] The WP Mail Log WordPress plugin before 1 . 1 . 3 does not properly validate file extensions uploading files to attach to emails allowing attackers to upload PHP files leading to remote code exec u ##tion . [SEP]
LRP (+Pred, pos-only)[CLS] The WP Mail Log WordPress plugin before 1 . 1 . 3 does not properly validate file extensions uploading files to attach to emails allowing attackers to upload PHP files leading to remote code exec u ##tion . [SEP]
LIME (words)The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails allowing attackers to upload PHP files leading to remote code execution.
SHAP (words)The WP Mail Log WordPress plugin before 1. 1. 3 does not properly validate file extensions uploading files to attach to emails allowing attackers to upload PHP files leading to remote code execution
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] The WP Mail Log WordPress plugin before 1 . 1 . 3 does not properly validate file extensions uploading files to attach to emails allowing attackers to upload PHP files leading to remote code exec u ##tion . [SEP]
LRP (+Pred, pos-only)[CLS] The WP Mail Log WordPress plugin before 1 . 1 . 3 does not properly validate file extensions uploading files to attach to emails allowing attackers to upload PHP files leading to remote code exec u ##tion . [SEP]
LIME (words)The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails allowing attackers to upload PHP files leading to remote code execution.
SHAP (words)The WP Mail Log WordPress plugin before 1. 1. 3 does not properly validate file extensions uploading files to attach to emails allowing attackers to upload PHP files leading to remote code execution
#43 · cve_id CVE-2022-35808 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Azure ▁Site ▁Recovery Elevation ▁of Privilege Vulnerability <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Azure Site Recovery Elevation of Privilege Vulnerability
SHAP (words)Azure Site Recovery Elevation of Privilege Vulnerability
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Azure S ite Recovery Elevation of Privilege Vulnerability [SEP]
LRP (+Pred, pos-only)[CLS] Azure S ite Recovery Elevation of Privilege Vulnerability [SEP]
LIME (words)Azure Site Recovery Elevation of Privilege Vulnerability
SHAP (words)Azure Site Recovery Elevation of Privilege Vulnerability
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Azure S ite Recovery Elevation of Privilege Vulnerability [SEP]
LRP (+Pred, pos-only)[CLS] Azure S ite Recovery Elevation of Privilege Vulnerability [SEP]
LIME (words)Azure Site Recovery Elevation of Privilege Vulnerability
SHAP (words)Azure Site Recovery Elevation of Privilege Vulnerability
#44 · cve_id CVE-2021-40651 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁OS 4 Ed ▁Open SIS ▁Community ▁8 . 0 ▁is ▁vulnerable ▁to ▁a ▁local ▁file ▁inclusion ▁vulnerability ▁in Modules ▁ . php ▁ ( mod name param ▁ eter ) ▁which ▁can disclose ▁arbitrary ▁file ▁from ▁the ▁server ' s filesystem ▁as ▁long ▁as ▁the ▁application ▁has ▁access ▁to ▁the ▁file . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter) which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.
SHAP (words)OS4Ed OpenSIS Community 8. 0 is vulnerable to a local file inclusion vulnerability in Modules. php ( modname parameter) which can disclose arbitrary file from the server' s filesystem as long as the application has access to the file
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] OS ##4 ##E ##d Open ##SI ##S Community 8 . 0 is vulnerable to a local file inclusion vulnerability in Modules . php ( mod name param et ##er ) which can disclose arbitrary file from the server ' s filesystem as long as the application has access to the file . [SEP]
LRP (+Pred, pos-only)[CLS] OS ##4 ##E ##d Open ##SI ##S Community 8 . 0 is vulnerable to a local file inclusion vulnerability in Modules . php ( mod name param et ##er ) which can disclose arbitrary file from the server ' s filesystem as long as the application has access to the file . [SEP]
LIME (words)OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter) which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.
SHAP (words)OS4Ed OpenSIS Community 8. 0 is vulnerable to a local file inclusion vulnerability in Modules. php ( modname parameter) which can disclose arbitrary file from the server' s filesystem as long as the application has access to the file
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] OS ##4 ##E ##d Open ##SI ##S Community 8 . 0 is vulnerable to a local file inclusion vulnerability in Modules . php ( mod name param et ##er ) which can disclose arbitrary file from the server ' s filesystem as long as the application has access to the file . [SEP]
LRP (+Pred, pos-only)[CLS] OS ##4 ##E ##d Open ##SI ##S Community 8 . 0 is vulnerable to a local file inclusion vulnerability in Modules . php ( mod name param et ##er ) which can disclose arbitrary file from the server ' s filesystem as long as the application has access to the file . [SEP]
LIME (words)OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter) which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.
SHAP (words)OS4Ed OpenSIS Community 8. 0 is vulnerable to a local file inclusion vulnerability in Modules. php ( modname parameter) which can disclose arbitrary file from the server' s filesystem as long as the application has access to the file
#45 · cve_id CVE-2021-33465 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁An ▁issue ▁was ▁di sc ▁over ed ▁in ▁ ya s m ▁version ▁1 . 3 . 0 . ▁There ▁is ▁a NULL ▁ pointer dereference ▁in ▁expand _ m macro ▁ ( ) ▁in ▁modules / pre pro c s / nas m / nas m - pp . c . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c.
SHAP (words)An issue was discovered in yasm version 1. 3. 0. There is a NULL pointer dereference in expand_mmacro() in modules/ preprocs/ nasm/ nasm- pp. c
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed in ya ##sm version 1 . 3 . 0 . There is a NULL pointer dereference in expand _ m macro ( ) in mod ul ##es / pre ##p ##ro ##cs / na ##sm / na ##sm - pp . c . [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed in ya ##sm version 1 . 3 . 0 . There is a NULL pointer dereference in expand _ m macro ( ) in mod ul ##es / pre ##p ##ro ##cs / na ##sm / na ##sm - pp . c . [SEP]
LIME (words)An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c.
SHAP (words)An issue was discovered in yasm version 1. 3. 0. There is a NULL pointer dereference in expand_mmacro() in modules/ preprocs/ nasm/ nasm- pp. c
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue was di sc over ##ed in ya ##sm version 1 . 3 . 0 . There is a NULL pointer dereference in expand _ m macro ( ) in mod ul ##es / pre ##p ##ro ##cs / na ##sm / na ##sm - pp . c . [SEP]
LRP (+Pred, pos-only)[CLS] An issue was di sc over ##ed in ya ##sm version 1 . 3 . 0 . There is a NULL pointer dereference in expand _ m macro ( ) in mod ul ##es / pre ##p ##ro ##cs / na ##sm / na ##sm - pp . c . [SEP]
LIME (words)An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c.
SHAP (words)An issue was discovered in yasm version 1. 3. 0. There is a NULL pointer dereference in expand_mmacro() in modules/ preprocs/ nasm/ nasm- pp. c
#46 · cve_id CVE-2023-47685 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Cross-Site Request Forgery ▁ ( CSRF ▁ ) ▁vulnerability ▁in ▁Lu k man ▁N aki b ▁P reload ▁ er ▁Matrix . This ▁issue ▁affects ▁P reload ▁ er ▁Matrix : ▁from ▁ n / a ▁through ▁2 . 0 . 1 . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix.This issue affects Preloader Matrix: from n/a through 2.0.1.
SHAP (words)Cross- Site Request Forgery ( CSRF) vulnerability in Lukman Nakib Preloader Matrix. This issue affects Preloader Matrix: from n/ a through 2. 0. 1
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Cross-Site Request Forgery ( CSRF ) vulnerability in Lu ##kman Na ##ki ##b P reload er Matrix . This issue affects P reload er Matrix : from n / a through 2 . 0 . 1 . [SEP]
LRP (+Pred, pos-only)[CLS] Cross-Site Request Forgery ( CSRF ) vulnerability in Lu ##kman Na ##ki ##b P reload er Matrix . This issue affects P reload er Matrix : from n / a through 2 . 0 . 1 . [SEP]
LIME (words)Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix.This issue affects Preloader Matrix: from n/a through 2.0.1.
SHAP (words)Cross- Site Request Forgery ( CSRF) vulnerability in Lukman Nakib Preloader Matrix. This issue affects Preloader Matrix: from n/ a through 2. 0. 1
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Cross-Site Request Forgery ( CSRF ) vulnerability in Lu ##kman Na ##ki ##b P reload er Matrix . This issue affects P reload er Matrix : from n / a through 2 . 0 . 1 . [SEP]
LRP (+Pred, pos-only)[CLS] Cross-Site Request Forgery ( CSRF ) vulnerability in Lu ##kman Na ##ki ##b P reload er Matrix . This issue affects P reload er Matrix : from n / a through 2 . 0 . 1 . [SEP]
LIME (words)Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix.This issue affects Preloader Matrix: from n/a through 2.0.1.
SHAP (words)Cross- Site Request Forgery ( CSRF) vulnerability in Lukman Nakib Preloader Matrix. This issue affects Preloader Matrix: from n/ a through 2. 0. 1
#47 · cve_id CVE-2021-22888 · s
GT=CHANGED (1)
xlnet · Pred=CHANGED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Revive Adserver ▁before ▁v 5 . 2 . 0 ▁is ▁vulnerable ▁to ▁a ▁reflected XSS ▁vulnerability ▁in ▁the ▁` stat us ` param ▁ eter ▁of ▁campaign - zone - zone s . php . ▁An ▁attacker ▁could ▁trick ▁a ▁user ▁with ▁access ▁to ▁the ▁user ▁interface ▁of ▁a Revive Adserver ▁instance ▁into ▁clicking ▁on ▁a spec ▁if ically ▁crafted URL ▁and ▁execute inject ▁ ed JavaScript ▁code . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code.
SHAP (words)Revive Adserver before v5. 2. 0 is vulnerable to a reflected XSS vulnerability in the ` status` parameter of campaign- zone- zones. php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code
lrp-bert · Pred=CHANGED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Revive Adserver before v ##5 . 2 . 0 is vulnerable to a reflected XSS vulnerability in the ` status ` param et ##er of campaign - zone - zones . php . An attacker could trick a user with access to the user int er ##face of a Revive Adserver instance int o cli c ##king on a spec if ##ically crafted URL and exec u ##te inject ed JavaScript code . [SEP]
LRP (+Pred, pos-only)[CLS] Revive Adserver before v ##5 . 2 . 0 is vulnerable to a reflected XSS vulnerability in the ` status ` param et ##er of campaign - zone - zones . php . An attacker could trick a user with access to the user int er ##face of a Revive Adserver instance int o cli c ##king on a spec if ##ically crafted URL and exec u ##te inject ed JavaScript code . [SEP]
LIME (words)Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code.
SHAP (words)Revive Adserver before v5. 2. 0 is vulnerable to a reflected XSS vulnerability in the ` status` parameter of campaign- zone- zones. php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code
lrp-distilbert · Pred=CHANGED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Revive Adserver before v ##5 . 2 . 0 is vulnerable to a reflected XSS vulnerability in the ` status ` param et ##er of campaign - zone - zones . php . An attacker could trick a user with access to the user int er ##face of a Revive Adserver instance int o cli c ##king on a spec if ##ically crafted URL and exec u ##te inject ed JavaScript code . [SEP]
LRP (+Pred, pos-only)[CLS] Revive Adserver before v ##5 . 2 . 0 is vulnerable to a reflected XSS vulnerability in the ` status ` param et ##er of campaign - zone - zones . php . An attacker could trick a user with access to the user int er ##face of a Revive Adserver instance int o cli c ##king on a spec if ##ically crafted URL and exec u ##te inject ed JavaScript code . [SEP]
LIME (words)Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code.
SHAP (words)Revive Adserver before v5. 2. 0 is vulnerable to a reflected XSS vulnerability in the ` status` parameter of campaign- zone- zones. php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code
#48 · cve_id CVE-2021-31898 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁In JetBrains ▁Web S tor m ▁before ▁20 21 . 1 HTTP ▁requests ▁were ▁used ▁instead ▁of HTTPS ▁ . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)In JetBrains WebStorm before 2021.1 HTTP requests were used instead of HTTPS.
SHAP (words)In JetBrains WebStorm before 2021. 1 HTTP requests were used instead of HTTPS
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In JetBrains Web ##S ##tor ##m before 202 ##1 . 1 HTTP requests were used instead of HTTPS . [SEP]
LRP (+Pred, pos-only)[CLS] In JetBrains Web ##S ##tor ##m before 202 ##1 . 1 HTTP requests were used instead of HTTPS . [SEP]
LIME (words)In JetBrains WebStorm before 2021.1 HTTP requests were used instead of HTTPS.
SHAP (words)In JetBrains WebStorm before 2021. 1 HTTP requests were used instead of HTTPS
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In JetBrains Web ##S ##tor ##m before 202 ##1 . 1 HTTP requests were used instead of HTTPS . [SEP]
LRP (+Pred, pos-only)[CLS] In JetBrains Web ##S ##tor ##m before 202 ##1 . 1 HTTP requests were used instead of HTTPS . [SEP]
LIME (words)In JetBrains WebStorm before 2021.1 HTTP requests were used instead of HTTPS.
SHAP (words)In JetBrains WebStorm before 2021. 1 HTTP requests were used instead of HTTPS
#49 · cve_id CVE-2022-26589 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A Cross-Site Request Forgery ▁ ( CSRF ▁ ) ▁in Pluck CMS ▁v 4 . 7 . 15 ▁allows ▁attackers ▁to delete ▁arbitrary ▁pages . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages.
SHAP (words)A Cross- Site Request Forgery ( CSRF) in Pluck CMS v4. 7. 15 allows attackers to delete arbitrary pages
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A Cross-Site Request Forgery ( CSRF ) in Pluck CMS v ##4 . 7 . 15 allows attackers to delete arbitrary pages . [SEP]
LRP (+Pred, pos-only)[CLS] A Cross-Site Request Forgery ( CSRF ) in Pluck CMS v ##4 . 7 . 15 allows attackers to delete arbitrary pages . [SEP]
LIME (words)A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages.
SHAP (words)A Cross- Site Request Forgery ( CSRF) in Pluck CMS v4. 7. 15 allows attackers to delete arbitrary pages
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A Cross-Site Request Forgery ( CSRF ) in Pluck CMS v ##4 . 7 . 15 allows attackers to delete arbitrary pages . [SEP]
LRP (+Pred, pos-only)[CLS] A Cross-Site Request Forgery ( CSRF ) in Pluck CMS v ##4 . 7 . 15 allows attackers to delete arbitrary pages . [SEP]
LIME (words)A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages.
SHAP (words)A Cross- Site Request Forgery ( CSRF) in Pluck CMS v4. 7. 15 allows attackers to delete arbitrary pages
#50 · cve_id CVE-2022-41241 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Jenkins ▁R Q M Plugin ▁2 . 8 ▁and ▁earlier ▁does ▁not configure ▁its ▁XML parser ▁to ▁prevent ▁XML ▁external ▁entity ▁ ( XXE ▁ ) ▁attacks . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
SHAP (words)Jenkins RQM Plugin 2. 8 and earlier does not configure its XML parser to prevent XML external entity ( XXE) attacks
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Jenkins R ##Q ##M Plugin 2 . 8 and earlier does not configure its XML parser to prevent XML external entity ( XXE ) attacks . [SEP]
LRP (+Pred, pos-only)[CLS] Jenkins R ##Q ##M Plugin 2 . 8 and earlier does not configure its XML parser to prevent XML external entity ( XXE ) attacks . [SEP]
LIME (words)Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
SHAP (words)Jenkins RQM Plugin 2. 8 and earlier does not configure its XML parser to prevent XML external entity ( XXE) attacks
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Jenkins R ##Q ##M Plugin 2 . 8 and earlier does not configure its XML parser to prevent XML external entity ( XXE ) attacks . [SEP]
LRP (+Pred, pos-only)[CLS] Jenkins R ##Q ##M Plugin 2 . 8 and earlier does not configure its XML parser to prevent XML external entity ( XXE ) attacks . [SEP]
LIME (words)Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
SHAP (words)Jenkins RQM Plugin 2. 8 and earlier does not configure its XML parser to prevent XML external entity ( XXE) attacks
#51 · cve_id CVE-2021-44791 · s
GT=CHANGED (1)
xlnet · Pred=CHANGED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁In ▁Apache ▁Dr uid ▁0 . 22 . 1 ▁and ▁earlier ▁certain specially-crafted ▁links ▁result ▁in unescaped URL param ▁ eter s ▁being ▁sent ▁back ▁in HTML ▁responses . ▁This ▁makes ▁it ▁po ssi ▁ ble ▁to ▁execute ▁reflected XSS ▁attacks . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)In Apache Druid 0.22.1 and earlier certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.
SHAP (words)In Apache Druid 0. 22. 1 and earlier certain specially- crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks
lrp-bert · Pred=CHANGED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In Apache Dr uid 0 . 22 . 1 and earlier certain specially-crafted links result in unescaped URL param et ##ers being sent back in HTML responses . This makes it p ##o ssi b ##le to exec u ##te reflected XSS attacks . [SEP]
LRP (+Pred, pos-only)[CLS] In Apache Dr uid 0 . 22 . 1 and earlier certain specially-crafted links result in unescaped URL param et ##ers being sent back in HTML responses . This makes it p ##o ssi b ##le to exec u ##te reflected XSS attacks . [SEP]
LIME (words)In Apache Druid 0.22.1 and earlier certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.
SHAP (words)In Apache Druid 0. 22. 1 and earlier certain specially- crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks
lrp-distilbert · Pred=CHANGED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In Apache Dr uid 0 . 22 . 1 and earlier certain specially-crafted links result in unescaped URL param et ##ers being sent back in HTML responses . This makes it p ##o ssi b ##le to exec u ##te reflected XSS attacks . [SEP]
LRP (+Pred, pos-only)[CLS] In Apache Dr uid 0 . 22 . 1 and earlier certain specially-crafted links result in unescaped URL param et ##ers being sent back in HTML responses . This makes it p ##o ssi b ##le to exec u ##te reflected XSS attacks . [SEP]
LIME (words)In Apache Druid 0.22.1 and earlier certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.
SHAP (words)In Apache Druid 0. 22. 1 and earlier certain specially- crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks
#52 · cve_id CVE-2020-9492 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁In ▁Apache Hadoop ▁3 . 2 . 0 ▁to ▁3 . 2 . 1 ▁3 . 0 . 0 - al pha 1 ▁to ▁3 . 1 . 3 ▁and ▁2 . 0 . 0 - al pha ▁to ▁2 . 10 . 0 ▁Web HDFS ▁client ▁might ▁send ▁SP NE GO auth ▁or ization ▁header ▁to ▁remote URL ▁without ▁proper verification ▁ . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)In Apache Hadoop 3.2.0 to 3.2.1 3.0.0-alpha1 to 3.1.3 and 2.0.0-alpha to 2.10.0 WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.
SHAP (words)In Apache Hadoop 3. 2. 0 to 3. 2. 1 3. 0. 0- alpha1 to 3. 1. 3 and 2. 0. 0- alpha to 2. 10. 0 WebHDFS client might send SPNEGO authorization header to remote URL without proper verification
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In Apache Hadoop 3 . 2 . 0 to 3 . 2 . 1 3 . 0 . 0 - alpha ##1 to 3 . 1 . 3 and 2 . 0 . 0 - alpha to 2 . 10 . 0 Web HDFS cli en ##t might send SP ##NE ##G ##O auth or ##ization header to remote URL without proper verification . [SEP]
LRP (+Pred, pos-only)[CLS] In Apache Hadoop 3 . 2 . 0 to 3 . 2 . 1 3 . 0 . 0 - alpha ##1 to 3 . 1 . 3 and 2 . 0 . 0 - alpha to 2 . 10 . 0 Web HDFS cli en ##t might send SP ##NE ##G ##O auth or ##ization header to remote URL without proper verification . [SEP]
LIME (words)In Apache Hadoop 3.2.0 to 3.2.1 3.0.0-alpha1 to 3.1.3 and 2.0.0-alpha to 2.10.0 WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.
SHAP (words)In Apache Hadoop 3. 2. 0 to 3. 2. 1 3. 0. 0- alpha1 to 3. 1. 3 and 2. 0. 0- alpha to 2. 10. 0 WebHDFS client might send SPNEGO authorization header to remote URL without proper verification
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] In Apache Hadoop 3 . 2 . 0 to 3 . 2 . 1 3 . 0 . 0 - alpha ##1 to 3 . 1 . 3 and 2 . 0 . 0 - alpha to 2 . 10 . 0 Web HDFS cli en ##t might send SP ##NE ##G ##O auth or ##ization header to remote URL without proper verification . [SEP]
LRP (+Pred, pos-only)[CLS] In Apache Hadoop 3 . 2 . 0 to 3 . 2 . 1 3 . 0 . 0 - alpha ##1 to 3 . 1 . 3 and 2 . 0 . 0 - alpha to 2 . 10 . 0 Web HDFS cli en ##t might send SP ##NE ##G ##O auth or ##ization header to remote URL without proper verification . [SEP]
LIME (words)In Apache Hadoop 3.2.0 to 3.2.1 3.0.0-alpha1 to 3.1.3 and 2.0.0-alpha to 2.10.0 WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.
SHAP (words)In Apache Hadoop 3. 2. 0 to 3. 2. 1 3. 0. 0- alpha1 to 3. 1. 3 and 2. 0. 0- alpha to 2. 10. 0 WebHDFS client might send SPNEGO authorization header to remote URL without proper verification
#53 · cve_id CVE-2012-1105 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁An ▁In for matio ▁ n Disclosure ▁vulnerability ▁exists ▁in ▁the ▁Jas ig ▁Project ▁ php - pe ar - CAS ▁1 . 2 . 2 ▁package ▁in ▁the ▁ / tmp ▁directory . ▁The ▁Central Authentication ▁Service ▁client ▁library ▁archives ▁the debug ▁logging ▁file ▁in ▁an insecure ▁manner . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
SHAP (words)An Information Disclosure vulnerability exists in the Jasig Project php- pear- CAS 1. 2. 2 package in the / tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An In ##fo ##r matio n Disclosure vulnerability exists in the J ##asi ##g Project php - p ##ear - CAS 1 . 2 . 2 package in the / tmp directory . The Central Authentication Service cli en ##t library archives the debug logging file in an insecure manner . [SEP]
LRP (+Pred, pos-only)[CLS] An In ##fo ##r matio n Disclosure vulnerability exists in the J ##asi ##g Project php - p ##ear - CAS 1 . 2 . 2 package in the / tmp directory . The Central Authentication Service cli en ##t library archives the debug logging file in an insecure manner . [SEP]
LIME (words)An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
SHAP (words)An Information Disclosure vulnerability exists in the Jasig Project php- pear- CAS 1. 2. 2 package in the / tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An In ##fo ##r matio n Disclosure vulnerability exists in the J ##asi ##g Project php - p ##ear - CAS 1 . 2 . 2 package in the / tmp directory . The Central Authentication Service cli en ##t library archives the debug logging file in an insecure manner . [SEP]
LRP (+Pred, pos-only)[CLS] An In ##fo ##r matio n Disclosure vulnerability exists in the J ##asi ##g Project php - p ##ear - CAS 1 . 2 . 2 package in the / tmp directory . The Central Authentication Service cli en ##t library archives the debug logging file in an insecure manner . [SEP]
LIME (words)An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.
SHAP (words)An Information Disclosure vulnerability exists in the Jasig Project php- pear- CAS 1. 2. 2 package in the / tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner
#54 · cve_id CVE-2024-0238 · s
GT=CHANGED (1)
xlnet · Pred=UNCHANGED (0) · p=0.99 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁The ▁Event ON Premium WordPress plugin ▁before ▁4 . 5 . 6 ▁Event ON WordPress plugin ▁before ▁2 . 2 . 8 ▁do ▁not ▁have authorisation ▁in ▁an AJAX ▁action ▁and ▁does ▁not ▁ensure ▁that ▁the ▁post ▁to ▁be ▁updated ▁belong ▁to ▁the plugin ▁allowing unauthenticated ▁users ▁to ▁update ▁arbitrary ▁post metadata ▁ . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)The EventON Premium WordPress plugin before 4.5.6 EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action and does not ensure that the post to be updated belong to the plugin allowing unauthenticated users to update arbitrary post metadata.
SHAP (words)The EventON Premium WordPress plugin before 4. 5. 6 EventON WordPress plugin before 2. 2. 8 do not have authorisation in an AJAX action and does not ensure that the post to be updated belong to the plugin allowing unauthenticated users to update arbitrary post metadata
lrp-bert · Pred=UNCHANGED (0) · p=0.99 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] The Event ##ON Premium WordPress plugin before 4 . 5 . 6 Event ##ON WordPress plugin before 2 . 2 . 8 do not have authorisation in an AJAX action and does not ensure that the post to be updated belong to the plugin allowing unauthenticated users to update arbitrary post metadata . [SEP]
LRP (+Pred, pos-only)[CLS] The Event ##ON Premium WordPress plugin before 4 . 5 . 6 Event ##ON WordPress plugin before 2 . 2 . 8 do not have authorisation in an AJAX action and does not ensure that the post to be updated belong to the plugin allowing unauthenticated users to update arbitrary post metadata . [SEP]
LIME (words)The EventON Premium WordPress plugin before 4.5.6 EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action and does not ensure that the post to be updated belong to the plugin allowing unauthenticated users to update arbitrary post metadata.
SHAP (words)The EventON Premium WordPress plugin before 4. 5. 6 EventON WordPress plugin before 2. 2. 8 do not have authorisation in an AJAX action and does not ensure that the post to be updated belong to the plugin allowing unauthenticated users to update arbitrary post metadata
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] The Event ##ON Premium WordPress plugin before 4 . 5 . 6 Event ##ON WordPress plugin before 2 . 2 . 8 do not have authorisation in an AJAX action and does not ensure that the post to be updated belong to the plugin allowing unauthenticated users to update arbitrary post metadata . [SEP]
LRP (+Pred, pos-only)[CLS] The Event ##ON Premium WordPress plugin before 4 . 5 . 6 Event ##ON WordPress plugin before 2 . 2 . 8 do not have authorisation in an AJAX action and does not ensure that the post to be updated belong to the plugin allowing unauthenticated users to update arbitrary post metadata . [SEP]
LIME (words)The EventON Premium WordPress plugin before 4.5.6 EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action and does not ensure that the post to be updated belong to the plugin allowing unauthenticated users to update arbitrary post metadata.
SHAP (words)The EventON Premium WordPress plugin before 4. 5. 6 EventON WordPress plugin before 2. 2. 8 do not have authorisation in an AJAX action and does not ensure that the post to be updated belong to the plugin allowing unauthenticated users to update arbitrary post metadata
#55 · cve_id CVE-2014-125050 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A ▁vulnerability ▁was ▁found ▁in ▁Scott TZ ▁hang ▁voter - js ▁and ▁ cla ssi ▁ fi ed ▁as ▁critical . Affected ▁by ▁this ▁issue ▁is ▁some ▁unknown ▁functionality ▁of ▁the ▁file ▁main . js ▁ . ▁The ▁manipulation ▁leads ▁to sql inject ▁ ion . ▁The ▁patch ▁is ▁identified ▁as ▁63 17 c 67 a 5 60 61 a ee ae ed 3 cf 9 ec 66 5 f d 99 83 d 80 44 . ▁It ▁is ▁recommended ▁to ▁apply ▁a ▁patch ▁to ▁fix ▁this ▁issue . ▁V DB - 21 75 62 ▁is ▁the identifier ▁a ssi ▁ gne d ▁to ▁this ▁vulnerability . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The patch is identified as 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-217562 is the identifier assigned to this vulnerability.
SHAP (words)A vulnerability was found in ScottTZhang voter- js and classified as critical. Affected by this issue is some unknown functionality of the file main. js. The manipulation leads to sql injection. The patch is identified as 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB- 217562 is the identifier assigned to this vulnerability
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A vulnerability was found in Scott TZ hang voter - js and c ##la ssi fi ##ed as critical . Affected by this issue is some unknown functionality of the file main . js . The man ip ul ##ation leads to sql inject ion . The patch is identified as 63 ##17 ##c ##6 ##7 ##a ##5 ##60 ##6 ##1 ##ae ##eae ##ed ##3 ##c ##f ##9 ##ec ##6 ##65 ##f ##d ##9 ##9 ##8 ##3 ##d ##80 ##44 . It is recommended to apply a patch to fix this issue . V ##D ##B - 217 ##5 ##6 ##2 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LRP (+Pred, pos-only)[CLS] A vulnerability was found in Scott TZ hang voter - js and c ##la ssi fi ##ed as critical . Affected by this issue is some unknown functionality of the file main . js . The man ip ul ##ation leads to sql inject ion . The patch is identified as 63 ##17 ##c ##6 ##7 ##a ##5 ##60 ##6 ##1 ##ae ##eae ##ed ##3 ##c ##f ##9 ##ec ##6 ##65 ##f ##d ##9 ##9 ##8 ##3 ##d ##80 ##44 . It is recommended to apply a patch to fix this issue . V ##D ##B - 217 ##5 ##6 ##2 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LIME (words)A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The patch is identified as 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-217562 is the identifier assigned to this vulnerability.
SHAP (words)A vulnerability was found in ScottTZhang voter- js and classified as critical. Affected by this issue is some unknown functionality of the file main. js. The manipulation leads to sql injection. The patch is identified as 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB- 217562 is the identifier assigned to this vulnerability
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A vulnerability was found in Scott TZ hang voter - js and c ##la ssi fi ##ed as critical . Affected by this issue is some unknown functionality of the file main . js . The man ip ul ##ation leads to sql inject ion . The patch is identified as 63 ##17 ##c ##6 ##7 ##a ##5 ##60 ##6 ##1 ##ae ##eae ##ed ##3 ##c ##f ##9 ##ec ##6 ##65 ##f ##d ##9 ##9 ##8 ##3 ##d ##80 ##44 . It is recommended to apply a patch to fix this issue . V ##D ##B - 217 ##5 ##6 ##2 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LRP (+Pred, pos-only)[CLS] A vulnerability was found in Scott TZ hang voter - js and c ##la ssi fi ##ed as critical . Affected by this issue is some unknown functionality of the file main . js . The man ip ul ##ation leads to sql inject ion . The patch is identified as 63 ##17 ##c ##6 ##7 ##a ##5 ##60 ##6 ##1 ##ae ##eae ##ed ##3 ##c ##f ##9 ##ec ##6 ##65 ##f ##d ##9 ##9 ##8 ##3 ##d ##80 ##44 . It is recommended to apply a patch to fix this issue . V ##D ##B - 217 ##5 ##6 ##2 is the identifier a ssi g ##ned to this vulnerability . [SEP]
LIME (words)A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The patch is identified as 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-217562 is the identifier assigned to this vulnerability.
SHAP (words)A vulnerability was found in ScottTZhang voter- js and classified as critical. Affected by this issue is some unknown functionality of the file main. js. The manipulation leads to sql injection. The patch is identified as 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB- 217562 is the identifier assigned to this vulnerability
#56 · cve_id CVE-2015-3194 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)crypto ▁ / rs a / rs a _ ame th . c ▁in OpenSSL ▁1 . 0 . 1 ▁before ▁1 . 0 . 1 q ▁and ▁1 . 0 . 2 ▁before ▁1 . 0 . 2 e ▁allows ▁remote ▁attackers ▁to ▁cause ▁a ▁denial ▁of ▁service ▁ ( NULL ▁ pointer dereference ▁and ▁application ▁crash ) ▁via ▁an ▁ RSA ▁PS S ▁AS N . 1 ▁signature ▁that ▁lacks ▁a ▁mask ▁generation ▁function param ▁ eter . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
SHAP (words)crypto/ rsa/ rsa_ameth. c in OpenSSL 1. 0. 1 before 1. 0. 1q and 1. 0. 2 before 1. 0. 2e allows remote attackers to cause a denial of service ( NULL pointer dereference and application crash) via an RSA PSS ASN. 1 signature that lacks a mask generation function parameter
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] crypto / r ##sa / r ##sa _ am ##eth . c in OpenSSL 1 . 0 . 1 before 1 . 0 . 1 ##q and 1 . 0 . 2 before 1 . 0 . 2 ##e allows remote attackers to cause a denial of service ( NULL pointer dereference and application crash ) via an RSA PS ##S AS ##N . 1 signature that lacks a mask generation function param et ##er . [SEP]
LRP (+Pred, pos-only)[CLS] crypto / r ##sa / r ##sa _ am ##eth . c in OpenSSL 1 . 0 . 1 before 1 . 0 . 1 ##q and 1 . 0 . 2 before 1 . 0 . 2 ##e allows remote attackers to cause a denial of service ( NULL pointer dereference and application crash ) via an RSA PS ##S AS ##N . 1 signature that lacks a mask generation function param et ##er . [SEP]
LIME (words)crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
SHAP (words)crypto/ rsa/ rsa_ameth. c in OpenSSL 1. 0. 1 before 1. 0. 1q and 1. 0. 2 before 1. 0. 2e allows remote attackers to cause a denial of service ( NULL pointer dereference and application crash) via an RSA PSS ASN. 1 signature that lacks a mask generation function parameter
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] crypto / r ##sa / r ##sa _ am ##eth . c in OpenSSL 1 . 0 . 1 before 1 . 0 . 1 ##q and 1 . 0 . 2 before 1 . 0 . 2 ##e allows remote attackers to cause a denial of service ( NULL pointer dereference and application crash ) via an RSA PS ##S AS ##N . 1 signature that lacks a mask generation function param et ##er . [SEP]
LRP (+Pred, pos-only)[CLS] crypto / r ##sa / r ##sa _ am ##eth . c in OpenSSL 1 . 0 . 1 before 1 . 0 . 1 ##q and 1 . 0 . 2 before 1 . 0 . 2 ##e allows remote attackers to cause a denial of service ( NULL pointer dereference and application crash ) via an RSA PS ##S AS ##N . 1 signature that lacks a mask generation function param et ##er . [SEP]
LIME (words)crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
SHAP (words)crypto/ rsa/ rsa_ameth. c in OpenSSL 1. 0. 1 before 1. 0. 1q and 1. 0. 2 before 1. 0. 2e allows remote attackers to cause a denial of service ( NULL pointer dereference and application crash) via an RSA PSS ASN. 1 signature that lacks a mask generation function parameter
#57 · cve_id CVE-2019-19797 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁read _ color def ▁in ▁read . c ▁in ▁X fi g ▁fig 2 dev ▁3 . 2 . 7 b ▁has ▁an out-of-bounds ▁write . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.
SHAP (words)read_colordef in read. c in Xfig fig2dev 3. 2. 7b has an out- of- bounds write
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] read _ color ##de ##f in read . c in X ##fi ##g fi ##g ##2 dev 3 . 2 . 7 ##b has an out-of-bounds w ##r ite . [SEP]
LRP (+Pred, pos-only)[CLS] read _ color ##de ##f in read . c in X ##fi ##g fi ##g ##2 dev 3 . 2 . 7 ##b has an out-of-bounds w ##r ite . [SEP]
LIME (words)read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.
SHAP (words)read_colordef in read. c in Xfig fig2dev 3. 2. 7b has an out- of- bounds write
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] read _ color ##de ##f in read . c in X ##fi ##g fi ##g ##2 dev 3 . 2 . 7 ##b has an out-of-bounds w ##r ite . [SEP]
LRP (+Pred, pos-only)[CLS] read _ color ##de ##f in read . c in X ##fi ##g fi ##g ##2 dev 3 . 2 . 7 ##b has an out-of-bounds w ##r ite . [SEP]
LIME (words)read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.
SHAP (words)read_colordef in read. c in Xfig fig2dev 3. 2. 7b has an out- of- bounds write
#58 · cve_id CVE-2020-26165 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)qdPM ▁through ▁9 . 1 ▁allows PHP ▁ Object Injection ▁via ▁time Re port Actions ▁ : : exec ute Export ▁in ▁core / app s / qdPM ▁ / mod ule s / time Re port / action s / action s . class . php ▁because unserialize ▁is ▁used . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used.
SHAP (words)qdPM through 9. 1 allows PHP Object Injection via timeReportActions:: executeExport in core/ apps/ qdPM/ modules/ timeReport/ actions/ actions. class. php because unserialize is used
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] qdPM through 9 . 1 allows PHP Object Injection via time ##R ##ep ##ort Actions : : exec u ##te Export in core / apps / qdPM / mod ul ##es / time ##R ##ep ##ort / actions / actions . class . php because unserialize is used . [SEP]
LRP (+Pred, pos-only)[CLS] qdPM through 9 . 1 allows PHP Object Injection via time ##R ##ep ##ort Actions : : exec u ##te Export in core / apps / qdPM / mod ul ##es / time ##R ##ep ##ort / actions / actions . class . php because unserialize is used . [SEP]
LIME (words)qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used.
SHAP (words)qdPM through 9. 1 allows PHP Object Injection via timeReportActions:: executeExport in core/ apps/ qdPM/ modules/ timeReport/ actions/ actions. class. php because unserialize is used
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] qdPM through 9 . 1 allows PHP Object Injection via time ##R ##ep ##ort Actions : : exec u ##te Export in core / apps / qdPM / mod ul ##es / time ##R ##ep ##ort / actions / actions . class . php because unserialize is used . [SEP]
LRP (+Pred, pos-only)[CLS] qdPM through 9 . 1 allows PHP Object Injection via time ##R ##ep ##ort Actions : : exec u ##te Export in core / apps / qdPM / mod ul ##es / time ##R ##ep ##ort / actions / actions . class . php because unserialize is used . [SEP]
LIME (words)qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used.
SHAP (words)qdPM through 9. 1 allows PHP Object Injection via timeReportActions:: executeExport in core/ apps/ qdPM/ modules/ timeReport/ actions/ actions. class. php because unserialize is used
#59 · cve_id CVE-2021-39817 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Adobe ▁Bridge ▁version ▁11 . 1 ▁ ( and ▁earlier ) ▁is ▁affected ▁by ▁a ▁memory ▁corruption ▁vulnerability ▁due ▁to insecure ▁handling ▁of ▁a malicious ▁Bridge ▁file ▁potentially ▁resulting ▁in ▁arbitrary ▁code ▁execution ▁in ▁the ▁context ▁of ▁the ▁current ▁user . User ▁interaction ▁is ▁required ▁to ▁exploit ▁this ▁vulnerability . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
SHAP (words)Adobe Bridge version 11. 1 ( and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Adobe Bridge version 11 . 1 ( and earlier ) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file potentially resulting in arbitrary code exec u ##tion in the context of the current user . User int era ##ction is required to exploit this vulnerability . [SEP]
LRP (+Pred, pos-only)[CLS] Adobe Bridge version 11 . 1 ( and earlier ) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file potentially resulting in arbitrary code exec u ##tion in the context of the current user . User int era ##ction is required to exploit this vulnerability . [SEP]
LIME (words)Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
SHAP (words)Adobe Bridge version 11. 1 ( and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Adobe Bridge version 11 . 1 ( and earlier ) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file potentially resulting in arbitrary code exec u ##tion in the context of the current user . User int era ##ction is required to exploit this vulnerability . [SEP]
LRP (+Pred, pos-only)[CLS] Adobe Bridge version 11 . 1 ( and earlier ) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file potentially resulting in arbitrary code exec u ##tion in the context of the current user . User int era ##ction is required to exploit this vulnerability . [SEP]
LIME (words)Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
SHAP (words)Adobe Bridge version 11. 1 ( and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability
#60 · cve_id CVE-2021-33772 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Windows TCP ▁ / IP ▁Driver Denial ▁of ▁Service Vulnerability <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Windows TCP/IP Driver Denial of Service Vulnerability
SHAP (words)Windows TCP/ IP Driver Denial of Service Vulnerability
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Windows TCP / IP Driver Denial of Service Vulnerability [SEP]
LRP (+Pred, pos-only)[CLS] Windows TCP / IP Driver Denial of Service Vulnerability [SEP]
LIME (words)Windows TCP/IP Driver Denial of Service Vulnerability
SHAP (words)Windows TCP/ IP Driver Denial of Service Vulnerability
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Windows TCP / IP Driver Denial of Service Vulnerability [SEP]
LRP (+Pred, pos-only)[CLS] Windows TCP / IP Driver Denial of Service Vulnerability [SEP]
LIME (words)Windows TCP/IP Driver Denial of Service Vulnerability
SHAP (words)Windows TCP/ IP Driver Denial of Service Vulnerability
#61 · cve_id CVE-2022-36106 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁ TY PO 3 ▁is ▁an ▁open ▁source PHP ▁based ▁web ▁content ▁man a gem ▁ ent ▁system ▁released ▁under ▁the GNU ▁G PL . ▁It ▁has ▁been ▁di sc ▁over ed ▁that ▁the expiration ▁time ▁of ▁a ▁password reset ▁link ▁for ▁ TY PO 3 backend ▁users ▁has ▁never ▁been eval ▁ u ated . ▁As ▁a ▁result ▁a ▁password reset ▁link ▁could ▁be ▁used ▁to ▁perform ▁a ▁password reset ▁even ▁if ▁the ▁default expiry ▁time ▁of ▁two ▁hours ▁has ▁been ▁exceeded . Update ▁to ▁ TY PO 3 ▁version ▁10 . 4 . 32 ▁or ▁11 . 5 . 16 ▁that ▁fix ▁the ▁problem . ▁There ▁are ▁no ▁known workarounds ▁for ▁this ▁issue . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.
SHAP (words)TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10. 4. 32 or 11. 5. 16 that fix the problem. There are no known workarounds for this issue
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] T ##YP ##O ##3 is an open source PHP based web content man ##a gem en ##t system released under the GNU GP ##L . It has been di sc over ##ed that the expiration time of a password reset link for T ##YP ##O ##3 backend users has never been eval u ##ated . As a result a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded . Update to T ##YP ##O ##3 version 10 . 4 . 32 or 11 . 5 . 16 that fix the problem . There are no known workarounds for this issue . [SEP]
LRP (+Pred, pos-only)[CLS] T ##YP ##O ##3 is an open source PHP based web content man ##a gem en ##t system released under the GNU GP ##L . It has been di sc over ##ed that the expiration time of a password reset link for T ##YP ##O ##3 backend users has never been eval u ##ated . As a result a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded . Update to T ##YP ##O ##3 version 10 . 4 . 32 or 11 . 5 . 16 that fix the problem . There are no known workarounds for this issue . [SEP]
LIME (words)TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.
SHAP (words)TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10. 4. 32 or 11. 5. 16 that fix the problem. There are no known workarounds for this issue
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] T ##YP ##O ##3 is an open source PHP based web content man ##a gem en ##t system released under the GNU GP ##L . It has been di sc over ##ed that the expiration time of a password reset link for T ##YP ##O ##3 backend users has never been eval u ##ated . As a result a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded . Update to T ##YP ##O ##3 version 10 . 4 . 32 or 11 . 5 . 16 that fix the problem . There are no known workarounds for this issue . [SEP]
LRP (+Pred, pos-only)[CLS] T ##YP ##O ##3 is an open source PHP based web content man ##a gem en ##t system released under the GNU GP ##L . It has been di sc over ##ed that the expiration time of a password reset link for T ##YP ##O ##3 backend users has never been eval u ##ated . As a result a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded . Update to T ##YP ##O ##3 version 10 . 4 . 32 or 11 . 5 . 16 that fix the problem . There are no known workarounds for this issue . [SEP]
LIME (words)TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.
SHAP (words)TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10. 4. 32 or 11. 5. 16 that fix the problem. There are no known workarounds for this issue
#62 · cve_id CVE-2021-42659 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁There ▁is ▁a ▁buffer overflow ▁vulnerability ▁in ▁the ▁Web ▁server httpd ▁of ▁the router ▁in Tenda router ▁devices ▁such ▁as Tenda ▁AC 9 ▁V 1 . 0 ▁V 15 . 03 . 02 . 19 ( 63 18 ) ▁and Tenda ▁AC 9 ▁V 3 . 0 ▁V 15 . 03 . 06 . 42 _ multi . ▁When ▁setting ▁the ▁virtual ▁service ▁the httpd ▁program ▁will ▁crash ▁and ▁exit ▁when ▁the ▁super - long ▁list param ▁ eter ▁occurs . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service the httpd program will crash and exit when the super-long list parameter occurs.
SHAP (words)There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1. 0 V15. 03. 02. 19( 6318) and Tenda AC9 V3. 0 V15. 03. 06. 42_multi. When setting the virtual service the httpd program will crash and exit when the super- long list parameter occurs
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router dev ice ##s such as Tenda AC ##9 V ##1 . 0 V ##15 . 03 . 02 . 19 ( 63 ##18 ) and Tenda AC ##9 V ##3 . 0 V ##15 . 03 . 06 . 42 _ multi . When setting the virtual service the httpd program will crash and exit when the super - long list param et ##er occurs . [SEP]
LRP (+Pred, pos-only)[CLS] There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router dev ice ##s such as Tenda AC ##9 V ##1 . 0 V ##15 . 03 . 02 . 19 ( 63 ##18 ) and Tenda AC ##9 V ##3 . 0 V ##15 . 03 . 06 . 42 _ multi . When setting the virtual service the httpd program will crash and exit when the super - long list param et ##er occurs . [SEP]
LIME (words)There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service the httpd program will crash and exit when the super-long list parameter occurs.
SHAP (words)There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1. 0 V15. 03. 02. 19( 6318) and Tenda AC9 V3. 0 V15. 03. 06. 42_multi. When setting the virtual service the httpd program will crash and exit when the super- long list parameter occurs
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router dev ice ##s such as Tenda AC ##9 V ##1 . 0 V ##15 . 03 . 02 . 19 ( 63 ##18 ) and Tenda AC ##9 V ##3 . 0 V ##15 . 03 . 06 . 42 _ multi . When setting the virtual service the httpd program will crash and exit when the super - long list param et ##er occurs . [SEP]
LRP (+Pred, pos-only)[CLS] There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router dev ice ##s such as Tenda AC ##9 V ##1 . 0 V ##15 . 03 . 02 . 19 ( 63 ##18 ) and Tenda AC ##9 V ##3 . 0 V ##15 . 03 . 06 . 42 _ multi . When setting the virtual service the httpd program will crash and exit when the super - long list param et ##er occurs . [SEP]
LIME (words)There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service the httpd program will crash and exit when the super-long list parameter occurs.
SHAP (words)There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1. 0 V15. 03. 02. 19( 6318) and Tenda AC9 V3. 0 V15. 03. 06. 42_multi. When setting the virtual service the httpd program will crash and exit when the super- long list parameter occurs
#63 · cve_id CVE-2019-12769 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)SolarWinds Serv-U Managed ▁File ▁Transfer ▁ ( M FT ) ▁Web ▁client ▁before ▁15 . 1 . 6 Hotfix ▁2 ▁is ▁vulnerable ▁to Cross-Site Request Forgery ▁in ▁the ▁file upload ▁functionality ▁via ▁ ? Com man d = Upload ▁with ▁the ▁Di r ▁and ▁File param ▁ eter s . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.
SHAP (words)SolarWinds Serv- U Managed File Transfer ( MFT) Web client before 15. 1. 6 Hotfix 2 is vulnerable to Cross- Site Request Forgery in the file upload functionality via ? Command= Upload with the Dir and File parameters
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] SolarWinds Serv-U Managed File Transfer ( M FT ) Web cli en ##t before 15 . 1 . 6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ? Command = Upload with the Di ##r and File param et ##ers . [SEP]
LRP (+Pred, pos-only)[CLS] SolarWinds Serv-U Managed File Transfer ( M FT ) Web cli en ##t before 15 . 1 . 6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ? Command = Upload with the Di ##r and File param et ##ers . [SEP]
LIME (words)SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.
SHAP (words)SolarWinds Serv- U Managed File Transfer ( MFT) Web client before 15. 1. 6 Hotfix 2 is vulnerable to Cross- Site Request Forgery in the file upload functionality via ? Command= Upload with the Dir and File parameters
lrp-distilbert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] SolarWinds Serv-U Managed File Transfer ( M FT ) Web cli en ##t before 15 . 1 . 6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ? Command = Upload with the Di ##r and File param et ##ers . [SEP]
LRP (+Pred, pos-only)[CLS] SolarWinds Serv-U Managed File Transfer ( M FT ) Web cli en ##t before 15 . 1 . 6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ? Command = Upload with the Di ##r and File param et ##ers . [SEP]
LIME (words)SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters.
SHAP (words)SolarWinds Serv- U Managed File Transfer ( MFT) Web client before 15. 1. 6 Hotfix 2 is vulnerable to Cross- Site Request Forgery in the file upload functionality via ? Command= Upload with the Dir and File parameters
#64 · cve_id CVE-2019-10939 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A ▁vulnerability ▁has ▁been ▁identified ▁in TIM ▁3 V - IE ▁ ( in cl . SIPLUS ▁ NET ▁variants ) ▁ ( All ▁versions ▁< ▁V 2 . 8 ) TIM ▁3 V - IE Advan ▁ ced ▁ ( in cl . SIPLUS ▁ NET ▁variants ) ▁ ( All ▁versions ▁< ▁V 2 . 8 ) TIM ▁3 V - IE ▁D NP 3 ▁ ( in cl . SIPLUS ▁ NET ▁variants ) ▁ ( All ▁versions ▁< ▁V 3 . 3 ) TIM ▁4 R - IE ▁ ( in cl . SIPLUS ▁ NET ▁variants ) ▁ ( All ▁versions ▁< ▁V 2 . 8 ) TIM ▁4 R - IE ▁D NP 3 ▁ ( in cl . SIPLUS ▁ NET ▁variants ) ▁ ( All ▁versions ▁< ▁V 3 . 3 ) . ▁The ▁affected ▁versions ▁contain ▁an ▁open debug ▁port ▁that ▁is ▁available ▁under ▁certain spec ▁ ific ▁conditions . ▁The ▁vulnerability ▁is ▁only ▁available ▁if ▁the ▁IP ▁address ▁is configured ▁to ▁19 2 . 168 . 1 . 2 . ▁If ▁available ▁the debug ▁port ▁could ▁be ▁exploited ▁by ▁an ▁attacker ▁with ▁network ▁access ▁to ▁the ▁device . ▁No ▁user ▁interaction ▁is ▁required ▁to ▁exploit ▁this ▁vulnerability . ▁The ▁vulnerability ▁impacts confidentiality ▁integrity ▁and ▁availability ▁of ▁the ▁affected ▁device . ▁At ▁the ▁stage ▁of ▁publishing ▁this ▁security ▁advisory ▁no ▁public ▁exploitation ▁is ▁known . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8) TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.8) TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3) TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.8) TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3). The affected versions contain an open debug port that is available under certain specific conditions. The vulnerability is only available if the IP address is configured to 192.168.1.2. If available the debug port could be exploited by an attacker with network access to the device. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality integrity and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known.
SHAP (words)A vulnerability has been identified in TIM 3V- IE ( incl. SIPLUS NET variants) ( All versions < V2. 8) TIM 3V- IE Advanced ( incl. SIPLUS NET variants) ( All versions < V2. 8) TIM 3V- IE DNP3 ( incl. SIPLUS NET variants) ( All versions < V3. 3) TIM 4R- IE ( incl. SIPLUS NET variants) ( All versions < V2. 8) TIM 4R- IE DNP3 ( incl. SIPLUS NET variants) ( All versions < V3. 3). The affected versions contain an open debug port that is available under certain specific conditions. The vulnerability is only available if the IP address is configured to 192. 168. 1. 2. If available the debug port could be exploited by an attacker with network access to the device. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality integrity and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A vulnerability has been identified in TIM 3 ##V - IE ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##2 . 8 ) TIM 3 ##V - IE Advan c ##ed ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##2 . 8 ) TIM 3 ##V - IE DN P ##3 ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##3 . 3 ) TIM 4 ##R - IE ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##2 . 8 ) TIM 4 ##R - IE DN P ##3 ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##3 . 3 ) . The affected versions contain an open debug port that is available under certain spec if ##ic conditions . The vulnerability is only available if the IP address is configured to 192 . 168 . 1 . 2 . If available the debug port could be ex ##p ##lo ite d by an attacker with network access to the dev ice . No user int era ##ction is required to exploit this vulnerability . The vulnerability impacts confidentiality int e ##g ##rity and availability of the affected dev ice . At the stage of publishing this se ##c uri t ##y advisory no public exploitation is known . [SEP]
LRP (+Pred, pos-only)[CLS] A vulnerability has been identified in TIM 3 ##V - IE ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##2 . 8 ) TIM 3 ##V - IE Advan c ##ed ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##2 . 8 ) TIM 3 ##V - IE DN P ##3 ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##3 . 3 ) TIM 4 ##R - IE ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##2 . 8 ) TIM 4 ##R - IE DN P ##3 ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##3 . 3 ) . The affected versions contain an open debug port that is available under certain spec if ##ic conditions . The vulnerability is only available if the IP address is configured to 192 . 168 . 1 . 2 . If available the debug port could be ex ##p ##lo ite d by an attacker with network access to the dev ice . No user int era ##ction is required to exploit this vulnerability . The vulnerability impacts confidentiality int e ##g ##rity and availability of the affected dev ice . At the stage of publishing this se ##c uri t ##y advisory no public exploitation is known . [SEP]
LIME (words)A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8) TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.8) TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3) TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.8) TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3). The affected versions contain an open debug port that is available under certain specific conditions. The vulnerability is only available if the IP address is configured to 192.168.1.2. If available the debug port could be exploited by an attacker with network access to the device. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality integrity and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known.
SHAP (words)A vulnerability has been identified in TIM 3V- IE ( incl. SIPLUS NET variants) ( All versions < V2. 8) TIM 3V- IE Advanced ( incl. SIPLUS NET variants) ( All versions < V2. 8) TIM 3V- IE DNP3 ( incl. SIPLUS NET variants) ( All versions < V3. 3) TIM 4R- IE ( incl. SIPLUS NET variants) ( All versions < V2. 8) TIM 4R- IE DNP3 ( incl. SIPLUS NET variants) ( All versions < V3. 3). The affected versions contain an open debug port that is available under certain specific conditions. The vulnerability is only available if the IP address is configured to 192. 168. 1. 2. If available the debug port could be exploited by an attacker with network access to the device. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality integrity and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A vulnerability has been identified in TIM 3 ##V - IE ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##2 . 8 ) TIM 3 ##V - IE Advan c ##ed ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##2 . 8 ) TIM 3 ##V - IE DN P ##3 ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##3 . 3 ) TIM 4 ##R - IE ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##2 . 8 ) TIM 4 ##R - IE DN P ##3 ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##3 . 3 ) . The affected versions contain an open debug port that is available under certain spec if ##ic conditions . The vulnerability is only available if the IP address is configured to 192 . 168 . 1 . 2 . If available the debug port could be ex ##p ##lo ite d by an attacker with network access to the dev ice . No user int era ##ction is required to exploit this vulnerability . The vulnerability impacts confidentiality int e ##g ##rity and availability of the affected dev ice . At the stage of publishing this se ##c uri t ##y advisory no public exploitation is known . [SEP]
LRP (+Pred, pos-only)[CLS] A vulnerability has been identified in TIM 3 ##V - IE ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##2 . 8 ) TIM 3 ##V - IE Advan c ##ed ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##2 . 8 ) TIM 3 ##V - IE DN P ##3 ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##3 . 3 ) TIM 4 ##R - IE ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##2 . 8 ) TIM 4 ##R - IE DN P ##3 ( in ##c ##l . SIPLUS NET variants ) ( All versions < V ##3 . 3 ) . The affected versions contain an open debug port that is available under certain spec if ##ic conditions . The vulnerability is only available if the IP address is configured to 192 . 168 . 1 . 2 . If available the debug port could be ex ##p ##lo ite d by an attacker with network access to the dev ice . No user int era ##ction is required to exploit this vulnerability . The vulnerability impacts confidentiality int e ##g ##rity and availability of the affected dev ice . At the stage of publishing this se ##c uri t ##y advisory no public exploitation is known . [SEP]
LIME (words)A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8) TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.8) TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3) TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.8) TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3). The affected versions contain an open debug port that is available under certain specific conditions. The vulnerability is only available if the IP address is configured to 192.168.1.2. If available the debug port could be exploited by an attacker with network access to the device. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality integrity and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known.
SHAP (words)A vulnerability has been identified in TIM 3V- IE ( incl. SIPLUS NET variants) ( All versions < V2. 8) TIM 3V- IE Advanced ( incl. SIPLUS NET variants) ( All versions < V2. 8) TIM 3V- IE DNP3 ( incl. SIPLUS NET variants) ( All versions < V3. 3) TIM 4R- IE ( incl. SIPLUS NET variants) ( All versions < V2. 8) TIM 4R- IE DNP3 ( incl. SIPLUS NET variants) ( All versions < V3. 3). The affected versions contain an open debug port that is available under certain specific conditions. The vulnerability is only available if the IP address is configured to 192. 168. 1. 2. If available the debug port could be exploited by an attacker with network access to the device. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality integrity and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known
#65 · cve_id CVE-2021-40824 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A ▁logic err ▁or ▁in ▁the ▁room ▁key ▁sharing ▁functionality ▁of ▁ Element ▁Android ▁before ▁1 . 2 . 2 ▁and ▁matrix - android ▁ - s d k 2 ▁ ( aka ▁Matrix SDK ▁for ▁Android ) ▁before ▁1 . 2 . 2 ▁allows ▁a malicious ▁Matrix homeserver ▁present ▁in ▁an encrypted ▁room ▁to ▁steal ▁room encrypt ▁ ion ▁keys ▁ ( via ▁crafted ▁Matrix ▁protocol ▁messages ) ▁that ▁were ▁originally ▁sent ▁by ▁affected ▁Matrix ▁clients ▁participating ▁in ▁that ▁room . ▁This ▁allows ▁the ▁attacker ▁to decrypt ▁end - to - end encrypted ▁messages ▁sent ▁by ▁affected ▁clients . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the attacker to decrypt end-to-end encrypted messages sent by affected clients.
SHAP (words)A logic error in the room key sharing functionality of Element Android before 1. 2. 2 and matrix- android- sdk2 ( aka Matrix SDK for Android) before 1. 2. 2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys ( via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the attacker to decrypt end- to- end encrypted messages sent by affected clients
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A logic err or in the room key sharing functionality of Element Android before 1 . 2 . 2 and matrix - android - s ##d ##k ##2 ( aka Matrix SDK for Android ) before 1 . 2 . 2 allows a malicious Matrix homeserver present in an encrypted room to steal room encrypt ion keys ( via crafted Matrix protocol messages ) that were originally sent by affected Matrix cli en ##ts part ##ic ip at ##ing in that room . This allows the attacker to decrypt end - to - end encrypted messages sent by affected cli en ##ts . [SEP]
LRP (+Pred, pos-only)[CLS] A logic err or in the room key sharing functionality of Element Android before 1 . 2 . 2 and matrix - android - s ##d ##k ##2 ( aka Matrix SDK for Android ) before 1 . 2 . 2 allows a malicious Matrix homeserver present in an encrypted room to steal room encrypt ion keys ( via crafted Matrix protocol messages ) that were originally sent by affected Matrix cli en ##ts part ##ic ip at ##ing in that room . This allows the attacker to decrypt end - to - end encrypted messages sent by affected cli en ##ts . [SEP]
LIME (words)A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the attacker to decrypt end-to-end encrypted messages sent by affected clients.
SHAP (words)A logic error in the room key sharing functionality of Element Android before 1. 2. 2 and matrix- android- sdk2 ( aka Matrix SDK for Android) before 1. 2. 2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys ( via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the attacker to decrypt end- to- end encrypted messages sent by affected clients
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A logic err or in the room key sharing functionality of Element Android before 1 . 2 . 2 and matrix - android - s ##d ##k ##2 ( aka Matrix SDK for Android ) before 1 . 2 . 2 allows a malicious Matrix homeserver present in an encrypted room to steal room encrypt ion keys ( via crafted Matrix protocol messages ) that were originally sent by affected Matrix cli en ##ts part ##ic ip at ##ing in that room . This allows the attacker to decrypt end - to - end encrypted messages sent by affected cli en ##ts . [SEP]
LRP (+Pred, pos-only)[CLS] A logic err or in the room key sharing functionality of Element Android before 1 . 2 . 2 and matrix - android - s ##d ##k ##2 ( aka Matrix SDK for Android ) before 1 . 2 . 2 allows a malicious Matrix homeserver present in an encrypted room to steal room encrypt ion keys ( via crafted Matrix protocol messages ) that were originally sent by affected Matrix cli en ##ts part ##ic ip at ##ing in that room . This allows the attacker to decrypt end - to - end encrypted messages sent by affected cli en ##ts . [SEP]
LIME (words)A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the attacker to decrypt end-to-end encrypted messages sent by affected clients.
SHAP (words)A logic error in the room key sharing functionality of Element Android before 1. 2. 2 and matrix- android- sdk2 ( aka Matrix SDK for Android) before 1. 2. 2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys ( via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the attacker to decrypt end- to- end encrypted messages sent by affected clients
#66 · cve_id CVE-2019-10795 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁un def safe ▁before ▁2 . 0 . 3 ▁is ▁vulnerable ▁to Prototype Pollution ▁ . ▁The ▁ ' a ' ▁function ▁could ▁be tricked ▁into ▁adding ▁or modifying ▁properties ▁of ▁ Object . pro to type ▁using ▁a ▁_ _ pro to _ _ ▁payload . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
SHAP (words)undefsafe before 2. 0. 3 is vulnerable to Prototype Pollution. The ' a' function could be tricked into adding or modifying properties of Object. prototype using a __proto__ payload
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] und ##ef ##safe before 2 . 0 . 3 is vulnerable to Prototype Pollution . The ' a ' function could be tricked int o adding or modifying properties of Object . prototype using a _ _ pro ##to _ _ payload . [SEP]
LRP (+Pred, pos-only)[CLS] und ##ef ##safe before 2 . 0 . 3 is vulnerable to Prototype Pollution . The ' a ' function could be tricked int o adding or modifying properties of Object . prototype using a _ _ pro ##to _ _ payload . [SEP]
LIME (words)undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
SHAP (words)undefsafe before 2. 0. 3 is vulnerable to Prototype Pollution. The ' a' function could be tricked into adding or modifying properties of Object. prototype using a __proto__ payload
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] und ##ef ##safe before 2 . 0 . 3 is vulnerable to Prototype Pollution . The ' a ' function could be tricked int o adding or modifying properties of Object . prototype using a _ _ pro ##to _ _ payload . [SEP]
LRP (+Pred, pos-only)[CLS] und ##ef ##safe before 2 . 0 . 3 is vulnerable to Prototype Pollution . The ' a ' function could be tricked int o adding or modifying properties of Object . prototype using a _ _ pro ##to _ _ payload . [SEP]
LIME (words)undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
SHAP (words)undefsafe before 2. 0. 3 is vulnerable to Prototype Pollution. The ' a' function could be tricked into adding or modifying properties of Object. prototype using a __proto__ payload
#67 · cve_id CVE-2021-35299 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Incorrect ▁Access ▁Control ▁in Zammad ▁1 . 0 . x ▁up ▁to ▁4 . 0 . 0 ▁allows ▁attackers ▁to ▁obtain ▁sensitive ▁in for matio ▁ n ▁via ▁email ▁connection ▁configuration ▁probing . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing.
SHAP (words)Incorrect Access Control in Zammad 1. 0. x up to 4. 0. 0 allows attackers to obtain sensitive information via email connection configuration probing
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Incorrect Access Control in Zammad 1 . 0 . x up to 4 . 0 . 0 allows attackers to obtain sensitive info ##r matio n via email connection config u ##ration pro ##bing . [SEP]
LRP (+Pred, pos-only)[CLS] Incorrect Access Control in Zammad 1 . 0 . x up to 4 . 0 . 0 allows attackers to obtain sensitive info ##r matio n via email connection config u ##ration pro ##bing . [SEP]
LIME (words)Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing.
SHAP (words)Incorrect Access Control in Zammad 1. 0. x up to 4. 0. 0 allows attackers to obtain sensitive information via email connection configuration probing
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Incorrect Access Control in Zammad 1 . 0 . x up to 4 . 0 . 0 allows attackers to obtain sensitive info ##r matio n via email connection config u ##ration pro ##bing . [SEP]
LRP (+Pred, pos-only)[CLS] Incorrect Access Control in Zammad 1 . 0 . x up to 4 . 0 . 0 allows attackers to obtain sensitive info ##r matio n via email connection config u ##ration pro ##bing . [SEP]
LIME (words)Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing.
SHAP (words)Incorrect Access Control in Zammad 1. 0. x up to 4. 0. 0 allows attackers to obtain sensitive information via email connection configuration probing
#68 · cve_id CVE-2022-39915 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Improper ▁access ▁control ▁vulnerability ▁in ▁ Calendar ▁prior ▁to ▁versions ▁11 . 6 . 08 . 0 ▁in ▁Android ▁Q ( 10 ) ▁12 . 2 . 11 . 3 000 ▁in ▁Android ▁R ( 11 ) ▁12 . 3 . 07 . 2000 ▁in ▁Android ▁ S ( 12 ) ▁and ▁12 . 4 . 02 . 0 ▁in ▁Android ▁T ( 13 ) ▁allows ▁attackers ▁to ▁access ▁sensitive ▁in for matio ▁ n ▁via implicit ▁intent . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10) 12.2.11.3000 in Android R(11) 12.3.07.2000 in Android S(12) and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent.
SHAP (words)Improper access control vulnerability in Calendar prior to versions 11. 6. 08. 0 in Android Q( 10) 12. 2. 11. 3000 in Android R( 11) 12. 3. 07. 2000 in Android S( 12) and 12. 4. 02. 0 in Android T( 13) allows attackers to access sensitive information via implicit intent
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Improper access control vulnerability in Calendar prior to versions 11 . 6 . 08 . 0 in Android Q ( 10 ) 12 . 2 . 11 . 3000 in Android R ( 11 ) 12 . 3 . 07 . 2000 in Android S ( 12 ) and 12 . 4 . 02 . 0 in Android T ( 13 ) allows attackers to access sensitive info ##r matio n via implicit int en ##t . [SEP]
LRP (+Pred, pos-only)[CLS] Improper access control vulnerability in Calendar prior to versions 11 . 6 . 08 . 0 in Android Q ( 10 ) 12 . 2 . 11 . 3000 in Android R ( 11 ) 12 . 3 . 07 . 2000 in Android S ( 12 ) and 12 . 4 . 02 . 0 in Android T ( 13 ) allows attackers to access sensitive info ##r matio n via implicit int en ##t . [SEP]
LIME (words)Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10) 12.2.11.3000 in Android R(11) 12.3.07.2000 in Android S(12) and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent.
SHAP (words)Improper access control vulnerability in Calendar prior to versions 11. 6. 08. 0 in Android Q( 10) 12. 2. 11. 3000 in Android R( 11) 12. 3. 07. 2000 in Android S( 12) and 12. 4. 02. 0 in Android T( 13) allows attackers to access sensitive information via implicit intent
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Improper access control vulnerability in Calendar prior to versions 11 . 6 . 08 . 0 in Android Q ( 10 ) 12 . 2 . 11 . 3000 in Android R ( 11 ) 12 . 3 . 07 . 2000 in Android S ( 12 ) and 12 . 4 . 02 . 0 in Android T ( 13 ) allows attackers to access sensitive info ##r matio n via implicit int en ##t . [SEP]
LRP (+Pred, pos-only)[CLS] Improper access control vulnerability in Calendar prior to versions 11 . 6 . 08 . 0 in Android Q ( 10 ) 12 . 2 . 11 . 3000 in Android R ( 11 ) 12 . 3 . 07 . 2000 in Android S ( 12 ) and 12 . 4 . 02 . 0 in Android T ( 13 ) allows attackers to access sensitive info ##r matio n via implicit int en ##t . [SEP]
LIME (words)Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10) 12.2.11.3000 in Android R(11) 12.3.07.2000 in Android S(12) and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent.
SHAP (words)Improper access control vulnerability in Calendar prior to versions 11. 6. 08. 0 in Android Q( 10) 12. 2. 11. 3000 in Android R( 11) 12. 3. 07. 2000 in Android S( 12) and 12. 4. 02. 0 in Android T( 13) allows attackers to access sensitive information via implicit intent
#69 · cve_id CVE-2020-13942 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁It ▁is ▁po ssi ▁ ble ▁to inject malicious OGNL ▁or ▁M VEL sc ▁rip t s ▁into ▁the ▁ / con text . js ▁on ▁public endpoint ▁ . ▁This ▁was ▁partially ▁fixed ▁in ▁1 . 5 . 1 ▁but ▁a ▁new ▁attack ▁vector ▁was ▁found . ▁In ▁Apache ▁Un omi ▁version ▁1 . 5 . 2 sc ▁rip t s ▁are ▁now ▁completely ▁filtered ▁from ▁the ▁input . ▁It ▁is ▁highly ▁recommended ▁to ▁upgrade ▁to ▁the ▁latest ▁available ▁version ▁of ▁the ▁1 . 5 . x ▁release ▁to ▁fix ▁this ▁problem . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1.5.x release to fix this problem.
SHAP (words)It is possible to inject malicious OGNL or MVEL scripts into the / context. json public endpoint. This was partially fixed in 1. 5. 1 but a new attack vector was found. In Apache Unomi version 1. 5. 2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1. 5. x release to fix this problem
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] It is p ##o ssi b ##le to inject malicious OGNL or MV EL sc r ip t ##s int o the / context . js on public endpoint . This was partially fixed in 1 . 5 . 1 but a new attack vector was found . In Apache Un ##omi version 1 . 5 . 2 sc r ip t ##s are now completely filtered from the input . It is highly recommended to upgrade to the latest available version of the 1 . 5 . x release to fix this problem . [SEP]
LRP (+Pred, pos-only)[CLS] It is p ##o ssi b ##le to inject malicious OGNL or MV EL sc r ip t ##s int o the / context . js on public endpoint . This was partially fixed in 1 . 5 . 1 but a new attack vector was found . In Apache Un ##omi version 1 . 5 . 2 sc r ip t ##s are now completely filtered from the input . It is highly recommended to upgrade to the latest available version of the 1 . 5 . x release to fix this problem . [SEP]
LIME (words)It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1.5.x release to fix this problem.
SHAP (words)It is possible to inject malicious OGNL or MVEL scripts into the / context. json public endpoint. This was partially fixed in 1. 5. 1 but a new attack vector was found. In Apache Unomi version 1. 5. 2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1. 5. x release to fix this problem
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] It is p ##o ssi b ##le to inject malicious OGNL or MV EL sc r ip t ##s int o the / context . js on public endpoint . This was partially fixed in 1 . 5 . 1 but a new attack vector was found . In Apache Un ##omi version 1 . 5 . 2 sc r ip t ##s are now completely filtered from the input . It is highly recommended to upgrade to the latest available version of the 1 . 5 . x release to fix this problem . [SEP]
LRP (+Pred, pos-only)[CLS] It is p ##o ssi b ##le to inject malicious OGNL or MV EL sc r ip t ##s int o the / context . js on public endpoint . This was partially fixed in 1 . 5 . 1 but a new attack vector was found . In Apache Un ##omi version 1 . 5 . 2 sc r ip t ##s are now completely filtered from the input . It is highly recommended to upgrade to the latest available version of the 1 . 5 . x release to fix this problem . [SEP]
LIME (words)It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1.5.x release to fix this problem.
SHAP (words)It is possible to inject malicious OGNL or MVEL scripts into the / context. json public endpoint. This was partially fixed in 1. 5. 1 but a new attack vector was found. In Apache Unomi version 1. 5. 2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1. 5. x release to fix this problem
#70 · cve_id CVE-2020-16154 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁The ▁App : : c pan min us ▁package ▁1 . 70 44 ▁for Perl ▁allows Signature Verification Bypass ▁ . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.
SHAP (words)The App:: cpanminus package 1. 7044 for Perl allows Signature Verification Bypass
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] The App : : c ##pan ##min ##us package 1 . 70 ##44 for Perl allows Signature Verification Bypass . [SEP]
LRP (+Pred, pos-only)[CLS] The App : : c ##pan ##min ##us package 1 . 70 ##44 for Perl allows Signature Verification Bypass . [SEP]
LIME (words)The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.
SHAP (words)The App:: cpanminus package 1. 7044 for Perl allows Signature Verification Bypass
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] The App : : c ##pan ##min ##us package 1 . 70 ##44 for Perl allows Signature Verification Bypass . [SEP]
LRP (+Pred, pos-only)[CLS] The App : : c ##pan ##min ##us package 1 . 70 ##44 for Perl allows Signature Verification Bypass . [SEP]
LIME (words)The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.
SHAP (words)The App:: cpanminus package 1. 7044 for Perl allows Signature Verification Bypass
#71 · cve_id CVE-2019-1406 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁A ▁remote ▁code ▁execution ▁vulnerability ▁exists ▁when ▁the ▁Windows ▁Jet ▁Database ▁Engine improperly ▁handles ▁objects ▁in ▁memory ▁ aka ▁ ' Je t ▁Database ▁Engine Remote ▁Code Execution Vulnerability ▁ ' . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory aka 'Jet Database Engine Remote Code Execution Vulnerability'.
SHAP (words)A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory aka ' Jet Database Engine Remote Code Execution Vulnerability
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A remote code exec u ##tion vulnerability exists when the Windows Jet Da tab as ##e Engine improperly handles objects in memory aka ' Jet Da tab as ##e Engine Remote Code Execution Vulnerability ' . [SEP]
LRP (+Pred, pos-only)[CLS] A remote code exec u ##tion vulnerability exists when the Windows Jet Da tab as ##e Engine improperly handles objects in memory aka ' Jet Da tab as ##e Engine Remote Code Execution Vulnerability ' . [SEP]
LIME (words)A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory aka 'Jet Database Engine Remote Code Execution Vulnerability'.
SHAP (words)A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory aka ' Jet Database Engine Remote Code Execution Vulnerability
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] A remote code exec u ##tion vulnerability exists when the Windows Jet Da tab as ##e Engine improperly handles objects in memory aka ' Jet Da tab as ##e Engine Remote Code Execution Vulnerability ' . [SEP]
LRP (+Pred, pos-only)[CLS] A remote code exec u ##tion vulnerability exists when the Windows Jet Da tab as ##e Engine improperly handles objects in memory aka ' Jet Da tab as ##e Engine Remote Code Execution Vulnerability ' . [SEP]
LIME (words)A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory aka 'Jet Database Engine Remote Code Execution Vulnerability'.
SHAP (words)A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory aka ' Jet Database Engine Remote Code Execution Vulnerability
#72 · cve_id CVE-2020-14542 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Vulnerability ▁in ▁the ▁Oracle Solaris ▁product ▁of ▁Oracle ▁Systems ▁ ( com ponent : ▁ lib s uri ) . ▁The ▁supported ▁version ▁that ▁is ▁affected ▁is ▁11 . Easily exploitable ▁vulnerability ▁allows ▁low ▁privileged ▁attacker ▁with logon ▁to ▁the ▁infrastructure ▁where ▁Oracle Solaris executes ▁to ▁compromise ▁Oracle Solaris ▁ . Successful ▁attacks ▁of ▁this ▁vulnerability ▁can ▁result ▁in unauthorized ▁read ▁access ▁to ▁a ▁subset ▁of ▁Oracle Solaris ▁ acce ssi ▁ ble ▁data . CVSS ▁3 . 1 ▁Base ▁Score ▁3 . 3 ▁ ( Con fid ▁ ential ity ▁impacts ) . CVSS Vector ▁ : ▁ ( CVSS ▁ : 3 . 1/ AV : L / AC : L / PR : L / UI ▁ : N / S : U / C : L / I : N / A : N ) . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Vulnerability in the Oracle Solaris product of Oracle Systems (component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
SHAP (words)Vulnerability in the Oracle Solaris product of Oracle Systems ( component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3. 1 Base Score 3. 3 ( Confidentiality impacts). CVSS Vector: ( CVSS: 3. 1/ AV: L/ AC: L/ PR: L/ UI: N/ S: U/ C: L/ I: N/ A: N
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Vulnerability in the Oracle Solaris product of Oracle Systems ( component : l ##ib ##s uri ) . The supported version that is affected is 11 . Easily exploitable vulnerability allows low privileged attacker with logon to the in ##fra struct u ##re where Oracle Solaris executes to compromise Oracle Solaris . Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 3 . 3 ( Con fid en ##tial ##ity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : L / AC : L / PR : L / UI : N / S : U / C : L / I : N / A : N ) . [SEP]
LRP (+Pred, pos-only)[CLS] Vulnerability in the Oracle Solaris product of Oracle Systems ( component : l ##ib ##s uri ) . The supported version that is affected is 11 . Easily exploitable vulnerability allows low privileged attacker with logon to the in ##fra struct u ##re where Oracle Solaris executes to compromise Oracle Solaris . Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 3 . 3 ( Con fid en ##tial ##ity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : L / AC : L / PR : L / UI : N / S : U / C : L / I : N / A : N ) . [SEP]
LIME (words)Vulnerability in the Oracle Solaris product of Oracle Systems (component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
SHAP (words)Vulnerability in the Oracle Solaris product of Oracle Systems ( component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3. 1 Base Score 3. 3 ( Confidentiality impacts). CVSS Vector: ( CVSS: 3. 1/ AV: L/ AC: L/ PR: L/ UI: N/ S: U/ C: L/ I: N/ A: N
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Vulnerability in the Oracle Solaris product of Oracle Systems ( component : l ##ib ##s uri ) . The supported version that is affected is 11 . Easily exploitable vulnerability allows low privileged attacker with logon to the in ##fra struct u ##re where Oracle Solaris executes to compromise Oracle Solaris . Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 3 . 3 ( Con fid en ##tial ##ity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : L / AC : L / PR : L / UI : N / S : U / C : L / I : N / A : N ) . [SEP]
LRP (+Pred, pos-only)[CLS] Vulnerability in the Oracle Solaris product of Oracle Systems ( component : l ##ib ##s uri ) . The supported version that is affected is 11 . Easily exploitable vulnerability allows low privileged attacker with logon to the in ##fra struct u ##re where Oracle Solaris executes to compromise Oracle Solaris . Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 3 . 3 ( Con fid en ##tial ##ity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : L / AC : L / PR : L / UI : N / S : U / C : L / I : N / A : N ) . [SEP]
LIME (words)Vulnerability in the Oracle Solaris product of Oracle Systems (component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
SHAP (words)Vulnerability in the Oracle Solaris product of Oracle Systems ( component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3. 1 Base Score 3. 3 ( Confidentiality impacts). CVSS Vector: ( CVSS: 3. 1/ AV: L/ AC: L/ PR: L/ UI: N/ S: U/ C: L/ I: N/ A: N
#73 · cve_id CVE-2021-22234 · s
GT=CHANGED (1)
xlnet · Pred=UNCHANGED (0) · p=0.99 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁An ▁issue ▁has ▁been ▁di sc ▁over ed ▁in GitLab ▁ CE / EE ▁affecting ▁all ▁versions ▁starting ▁from ▁13 . 11 ▁before ▁13 . 11 . 7 ▁all ▁versions ▁starting ▁from ▁13 . 12 ▁before ▁13 . 12 . 8 ▁and ▁all ▁versions ▁starting ▁from ▁14 . 0 ▁before ▁14 . 0 . 4 . ▁A spec ▁ i ally ▁crafted ▁design ▁image ▁allowed ▁attackers ▁to ▁read ▁arbitrary ▁files ▁on ▁the ▁server . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7 all versions starting from 13.12 before 13.12.8 and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server.
SHAP (words)An issue has been discovered in GitLab CE/ EE affecting all versions starting from 13. 11 before 13. 11. 7 all versions starting from 13. 12 before 13. 12. 8 and all versions starting from 14. 0 before 14. 0. 4. A specially crafted design image allowed attackers to read arbitrary files on the server
lrp-bert · Pred=UNCHANGED (0) · p=0.99 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue has been di sc over ##ed in GitLab CE / EE affecting all versions s tar tin ##g from 13 . 11 before 13 . 11 . 7 all versions s tar tin ##g from 13 . 12 before 13 . 12 . 8 and all versions s tar tin ##g from 14 . 0 before 14 . 0 . 4 . A spec i ##ally crafted design image allowed attackers to read arbitrary files on the server . [SEP]
LRP (+Pred, pos-only)[CLS] An issue has been di sc over ##ed in GitLab CE / EE affecting all versions s tar tin ##g from 13 . 11 before 13 . 11 . 7 all versions s tar tin ##g from 13 . 12 before 13 . 12 . 8 and all versions s tar tin ##g from 14 . 0 before 14 . 0 . 4 . A spec i ##ally crafted design image allowed attackers to read arbitrary files on the server . [SEP]
LIME (words)An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7 all versions starting from 13.12 before 13.12.8 and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server.
SHAP (words)An issue has been discovered in GitLab CE/ EE affecting all versions starting from 13. 11 before 13. 11. 7 all versions starting from 13. 12 before 13. 12. 8 and all versions starting from 14. 0 before 14. 0. 4. A specially crafted design image allowed attackers to read arbitrary files on the server
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 FN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] An issue has been di sc over ##ed in GitLab CE / EE affecting all versions s tar tin ##g from 13 . 11 before 13 . 11 . 7 all versions s tar tin ##g from 13 . 12 before 13 . 12 . 8 and all versions s tar tin ##g from 14 . 0 before 14 . 0 . 4 . A spec i ##ally crafted design image allowed attackers to read arbitrary files on the server . [SEP]
LRP (+Pred, pos-only)[CLS] An issue has been di sc over ##ed in GitLab CE / EE affecting all versions s tar tin ##g from 13 . 11 before 13 . 11 . 7 all versions s tar tin ##g from 13 . 12 before 13 . 12 . 8 and all versions s tar tin ##g from 14 . 0 before 14 . 0 . 4 . A spec i ##ally crafted design image allowed attackers to read arbitrary files on the server . [SEP]
LIME (words)An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7 all versions starting from 13.12 before 13.12.8 and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server.
SHAP (words)An issue has been discovered in GitLab CE/ EE affecting all versions starting from 13. 11 before 13. 11. 7 all versions starting from 13. 12 before 13. 12. 8 and all versions starting from 14. 0 before 14. 0. 4. A specially crafted design image allowed attackers to read arbitrary files on the server
#74 · cve_id CVE-2023-48392 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Kai fa ▁Technology ▁Web I TR ▁is ▁an ▁online ▁attendance ▁system ▁it ▁has ▁a ▁vulnerability ▁in ▁using hard-coded encrypt ▁ ion ▁key . ▁An unauthenticated ▁remote ▁attacker ▁can ▁generate ▁valid ▁token param ▁ eter ▁and ▁exploit ▁this ▁vulnerability ▁to ▁access ▁system ▁with ▁arbitrary ▁user ▁account ▁including admin ▁is t rator ’ s ▁account ▁to ▁execute login ▁account ’ s permissions ▁and ▁obtain ▁relevant ▁in for matio ▁ n . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Kaifa Technology WebITR is an online attendance system it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account including administrator’s account to execute login account’s permissions and obtain relevant information.
SHAP (words)Kaifa Technology WebITR is an online attendance system it has a vulnerability in using hard- coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account including administrator’ s account to execute login account’ s permissions and obtain relevant information
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Kai ##fa Technology Web ##IT ##R is an online attendance system it has a vulnerability in using hard-coded encrypt ion key . An unauthenticated remote attacker can generate valid token param et ##er and exploit this vulnerability to access system with arbitrary user account including admin is ##tra ##tor ’ s account to exec u ##te login account ’ s permissions and obtain relevant info ##r matio n . [SEP]
LRP (+Pred, pos-only)[CLS] Kai ##fa Technology Web ##IT ##R is an online attendance system it has a vulnerability in using hard-coded encrypt ion key . An unauthenticated remote attacker can generate valid token param et ##er and exploit this vulnerability to access system with arbitrary user account including admin is ##tra ##tor ’ s account to exec u ##te login account ’ s permissions and obtain relevant info ##r matio n . [SEP]
LIME (words)Kaifa Technology WebITR is an online attendance system it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account including administrator’s account to execute login account’s permissions and obtain relevant information.
SHAP (words)Kaifa Technology WebITR is an online attendance system it has a vulnerability in using hard- coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account including administrator’ s account to execute login account’ s permissions and obtain relevant information
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Kai ##fa Technology Web ##IT ##R is an online attendance system it has a vulnerability in using hard-coded encrypt ion key . An unauthenticated remote attacker can generate valid token param et ##er and exploit this vulnerability to access system with arbitrary user account including admin is ##tra ##tor ’ s account to exec u ##te login account ’ s permissions and obtain relevant info ##r matio n . [SEP]
LRP (+Pred, pos-only)[CLS] Kai ##fa Technology Web ##IT ##R is an online attendance system it has a vulnerability in using hard-coded encrypt ion key . An unauthenticated remote attacker can generate valid token param et ##er and exploit this vulnerability to access system with arbitrary user account including admin is ##tra ##tor ’ s account to exec u ##te login account ’ s permissions and obtain relevant info ##r matio n . [SEP]
LIME (words)Kaifa Technology WebITR is an online attendance system it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account including administrator’s account to execute login account’s permissions and obtain relevant information.
SHAP (words)Kaifa Technology WebITR is an online attendance system it has a vulnerability in using hard- coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account including administrator’ s account to execute login account’ s permissions and obtain relevant information
#75 · cve_id CVE-2023-6065 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁The ▁Q utter a ▁Web Malware Scanner WordPress plugin ▁before ▁3 . 4 . 2 . 1 ▁doesn ' t ▁restrict ▁access ▁to ▁detailed sc ▁an ▁logs ▁which ▁allows ▁a malicious ▁actor ▁to ▁di sc ▁over ▁local ▁paths ▁and ▁portions ▁of ▁the ▁site ' s ▁code <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs which allows a malicious actor to discover local paths and portions of the site's code
SHAP (words)The Quttera Web Malware Scanner WordPress plugin before 3. 4. 2. 1 doesn' t restrict access to detailed scan logs which allows a malicious actor to discover local paths and portions of the site' s code
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] The Q ##utter ##a Web Malware Scanner WordPress plugin before 3 . 4 . 2 . 1 doesn ' t restrict access to detailed sc an logs which allows a malicious actor to di sc over local paths and portions of the s ite ' s code [SEP]
LRP (+Pred, pos-only)[CLS] The Q ##utter ##a Web Malware Scanner WordPress plugin before 3 . 4 . 2 . 1 doesn ' t restrict access to detailed sc an logs which allows a malicious actor to di sc over local paths and portions of the s ite ' s code [SEP]
LIME (words)The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs which allows a malicious actor to discover local paths and portions of the site's code
SHAP (words)The Quttera Web Malware Scanner WordPress plugin before 3. 4. 2. 1 doesn' t restrict access to detailed scan logs which allows a malicious actor to discover local paths and portions of the site' s code
lrp-distilbert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] The Q ##utter ##a Web Malware Scanner WordPress plugin before 3 . 4 . 2 . 1 doesn ' t restrict access to detailed sc an logs which allows a malicious actor to di sc over local paths and portions of the s ite ' s code [SEP]
LRP (+Pred, pos-only)[CLS] The Q ##utter ##a Web Malware Scanner WordPress plugin before 3 . 4 . 2 . 1 doesn ' t restrict access to detailed sc an logs which allows a malicious actor to di sc over local paths and portions of the s ite ' s code [SEP]
LIME (words)The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs which allows a malicious actor to discover local paths and portions of the site's code
SHAP (words)The Quttera Web Malware Scanner WordPress plugin before 3. 4. 2. 1 doesn' t restrict access to detailed scan logs which allows a malicious actor to discover local paths and portions of the site' s code
#76 · cve_id CVE-2022-45225 · s
GT=CHANGED (1)
xlnet · Pred=CHANGED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Book ▁Store Manage ▁ ment ▁System ▁v 1 . 0 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a cross-site scripting ▁ ( XSS ▁ ) ▁vulnerability ▁in ▁ / bs m s _ ci / index . php / book . ▁This ▁vulnerability ▁allows ▁attackers ▁to ▁execute ▁arbitrary ▁web sc ▁rip t s ▁or HTML ▁via ▁a ▁crafted ▁payload inject ▁ ed ▁into ▁the ▁book _ title param ▁ eter . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter.
SHAP (words)Book Store Management System v1. 0 was discovered to contain a cross- site scripting ( XSS) vulnerability in / bsms_ci/ index. php/ book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter
lrp-bert · Pred=CHANGED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Book Store Manage men ##t System v ##1 . 0 was di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability in / b ##sm ##s _ c ##i / index . php / book . This vulnerability allows attackers to exec u ##te arbitrary web sc r ip t ##s or HTML via a crafted payload inject ed int o the book _ title param et ##er . [SEP]
LRP (+Pred, pos-only)[CLS] Book Store Manage men ##t System v ##1 . 0 was di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability in / b ##sm ##s _ c ##i / index . php / book . This vulnerability allows attackers to exec u ##te arbitrary web sc r ip t ##s or HTML via a crafted payload inject ed int o the book _ title param et ##er . [SEP]
LIME (words)Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter.
SHAP (words)Book Store Management System v1. 0 was discovered to contain a cross- site scripting ( XSS) vulnerability in / bsms_ci/ index. php/ book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter
lrp-distilbert · Pred=CHANGED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Book Store Manage men ##t System v ##1 . 0 was di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability in / b ##sm ##s _ c ##i / index . php / book . This vulnerability allows attackers to exec u ##te arbitrary web sc r ip t ##s or HTML via a crafted payload inject ed int o the book _ title param et ##er . [SEP]
LRP (+Pred, pos-only)[CLS] Book Store Manage men ##t System v ##1 . 0 was di sc over ##ed to contain a cross-site scripting ( XSS ) vulnerability in / b ##sm ##s _ c ##i / index . php / book . This vulnerability allows attackers to exec u ##te arbitrary web sc r ip t ##s or HTML via a crafted payload inject ed int o the book _ title param et ##er . [SEP]
LIME (words)Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter.
SHAP (words)Book Store Management System v1. 0 was discovered to contain a cross- site scripting ( XSS) vulnerability in / bsms_ci/ index. php/ book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter
#77 · cve_id CVE-2022-23873 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁Victor CMS ▁v 1 . 0 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a ▁ SQL inject ▁ ion ▁vulnerability ▁that ▁allows ▁attackers ▁to inject ▁arbitrary ▁commands ▁via ▁ ' user _ first name ' param ▁ eter . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter.
SHAP (words)Victor CMS v1. 0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via ' user_firstname' parameter
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Victor CMS v ##1 . 0 was di sc over ##ed to contain a SQL inject ion vulnerability that allows attackers to inject arbitrary commands via ' user _ first ##name ' param et ##er . [SEP]
LRP (+Pred, pos-only)[CLS] Victor CMS v ##1 . 0 was di sc over ##ed to contain a SQL inject ion vulnerability that allows attackers to inject arbitrary commands via ' user _ first ##name ' param et ##er . [SEP]
LIME (words)Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter.
SHAP (words)Victor CMS v1. 0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via ' user_firstname' parameter
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Victor CMS v ##1 . 0 was di sc over ##ed to contain a SQL inject ion vulnerability that allows attackers to inject arbitrary commands via ' user _ first ##name ' param et ##er . [SEP]
LRP (+Pred, pos-only)[CLS] Victor CMS v ##1 . 0 was di sc over ##ed to contain a SQL inject ion vulnerability that allows attackers to inject arbitrary commands via ' user _ first ##name ' param et ##er . [SEP]
LIME (words)Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter.
SHAP (words)Victor CMS v1. 0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via ' user_firstname' parameter
#78 · cve_id CVE-2022-4431 · s
GT=CHANGED (1)
xlnet · Pred=CHANGED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)▁The ▁ WO OCS WordPress plugin ▁before ▁1 . 3 . 9 . 4 ▁does ▁not validate ▁and ▁ e sc ▁a pe ▁some ▁of ▁its shortcode ▁attributes ▁before outputting ▁them ▁back ▁in ▁the ▁page ▁which ▁could ▁allow ▁users ▁with ▁a ▁role ▁as ▁low ▁as ▁contributor ▁to ▁perform Stored Cross-Site Scripting ▁attacks ▁which ▁could ▁be ▁used ▁against ▁high ▁privilege ▁users ▁such ▁as admins ▁ . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
SHAP (words)The WOOCS WordPress plugin before 1. 3. 9. 4 does not validate and escape some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as contributor to perform Stored Cross- Site Scripting attacks which could be used against high privilege users such as admins
lrp-bert · Pred=CHANGED (1) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] The W ##O OCS WordPress plugin before 1 . 3 . 9 . 4 does not validate and e sc a ##pe some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins . [SEP]
LRP (+Pred, pos-only)[CLS] The W ##O OCS WordPress plugin before 1 . 3 . 9 . 4 does not validate and e sc a ##pe some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins . [SEP]
LIME (words)The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
SHAP (words)The WOOCS WordPress plugin before 1. 3. 9. 4 does not validate and escape some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as contributor to perform Stored Cross- Site Scripting attacks which could be used against high privilege users such as admins
lrp-distilbert · Pred=CHANGED (1) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] The W ##O OCS WordPress plugin before 1 . 3 . 9 . 4 does not validate and e sc a ##pe some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins . [SEP]
LRP (+Pred, pos-only)[CLS] The W ##O OCS WordPress plugin before 1 . 3 . 9 . 4 does not validate and e sc a ##pe some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins . [SEP]
LIME (words)The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
SHAP (words)The WOOCS WordPress plugin before 1. 3. 9. 4 does not validate and escape some of its shortcode attributes before outputting them back in the page which could allow users with a role as low as contributor to perform Stored Cross- Site Scripting attacks which could be used against high privilege users such as admins
#79 · cve_id CVE-2023-39673 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Tenda ▁AC 15 ▁V 1 . 0 BR _ V 15 . 03 . 05 . 18 _ multi _ TD 01 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a ▁buffer overflow ▁via ▁the ▁function ▁F UN _ 000 10 e 34 ( ) . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34().
SHAP (words)Tenda AC15 V1. 0BR_V15. 03. 05. 18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Tenda AC ##15 V ##1 . 0 ##BR _ V ##15 . 03 . 05 . 18 _ multi _ TD ##01 was di sc over ##ed to contain a buffer overflow via the function F ##UN _ 000 ##10 ##e ##34 ( ) . [SEP]
LRP (+Pred, pos-only)[CLS] Tenda AC ##15 V ##1 . 0 ##BR _ V ##15 . 03 . 05 . 18 _ multi _ TD ##01 was di sc over ##ed to contain a buffer overflow via the function F ##UN _ 000 ##10 ##e ##34 ( ) . [SEP]
LIME (words)Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34().
SHAP (words)Tenda AC15 V1. 0BR_V15. 03. 05. 18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Tenda AC ##15 V ##1 . 0 ##BR _ V ##15 . 03 . 05 . 18 _ multi _ TD ##01 was di sc over ##ed to contain a buffer overflow via the function F ##UN _ 000 ##10 ##e ##34 ( ) . [SEP]
LRP (+Pred, pos-only)[CLS] Tenda AC ##15 V ##1 . 0 ##BR _ V ##15 . 03 . 05 . 18 _ multi _ TD ##01 was di sc over ##ed to contain a buffer overflow via the function F ##UN _ 000 ##10 ##e ##34 ( ) . [SEP]
LIME (words)Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34().
SHAP (words)Tenda AC15 V1. 0BR_V15. 03. 05. 18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34
#80 · cve_id CVE-2019-14765 · s
GT=UNCHANGED (0)
xlnet · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)Incorrect ▁Access ▁Control ▁in ▁A ff iche Exp lo rate ur Para m ( ) ▁in ▁DI MO ▁Yellow Box CRM ▁before ▁6 . 3 . 4 ▁allows ▁a ▁standard authenticated ▁user ▁to ▁use admin ▁is tra tive ▁controllers . <sep> <cls>
LRP (+Pred, pos-only)n/a
LIME (words)Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers.
SHAP (words)Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6. 3. 4 allows a standard authenticated user to use administrative controllers
lrp-bert · Pred=UNCHANGED (0) · p=0.99 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Incorrect Access Control in A ##ff ##iche ##E ##x ##p ##lora ##te ##ur ##P ##ara ##m ( ) in D IM O Yellow ##B ##ox CRM before 6 . 3 . 4 allows a standard authenticated user to use admin is ##tra ##tive controllers . [SEP]
LRP (+Pred, pos-only)[CLS] Incorrect Access Control in A ##ff ##iche ##E ##x ##p ##lora ##te ##ur ##P ##ara ##m ( ) in D IM O Yellow ##B ##ox CRM before 6 . 3 . 4 allows a standard authenticated user to use admin is ##tra ##tive controllers . [SEP]
LIME (words)Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers.
SHAP (words)Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6. 3. 4 allows a standard authenticated user to use administrative controllers
lrp-distilbert · Pred=UNCHANGED (0) · p=1.00 TN
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)[CLS] Incorrect Access Control in A ##ff ##iche ##E ##x ##p ##lora ##te ##ur ##P ##ara ##m ( ) in D IM O Yellow ##B ##ox CRM before 6 . 3 . 4 allows a standard authenticated user to use admin is ##tra ##tive controllers . [SEP]
LRP (+Pred, pos-only)[CLS] Incorrect Access Control in A ##ff ##iche ##E ##x ##p ##lora ##te ##ur ##P ##ara ##m ( ) in D IM O Yellow ##B ##ox CRM before 6 . 3 . 4 allows a standard authenticated user to use admin is ##tra ##tive controllers . [SEP]
LIME (words)Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers.
SHAP (words)Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6. 3. 4 allows a standard authenticated user to use administrative controllers